deslopper
v2.1.0
Published
Detect and remove AI-generated code patterns (slop) from your branches or any directory, powered by Claude
Downloads
164
Maintainers
Readme
deslopper
Detect and remove AI-generated code patterns (slop) from your git branches — or any file or directory — powered by Claude.
AI coding assistants often introduce patterns that experienced developers recognize immediately: obvious comments, excessive try-catch blocks, verbose variable names, dead abstractions, and defensive programming overkill. deslopper scans your git diffs (or whole files you point it at) and flags this slop before it accumulates into technical debt — then optionally has Claude clean it up for you.
How it works
deslopper uses a hybrid engine:
- Regex pre-pass — a fast, free, offline scan for ~20 well-known slop patterns (debug logs, triple null checks, obvious comments, …). Instant and runs with zero setup.
- Claude pass (multi-pass) — deslopper reviews each changed file in its own parallel
claude -pcall (so attention stays on one file and large diffs aren't truncated), then runs one cross-file integration pass to catch systemic slop a per-file view misses (copy-pasted patterns, duplicated helpers, inconsistent handling). Each per-file pass confirms the regex hits, drops false positives, and finds semantic slop the regex can't see: over-engineering, dead code, awkward naming, swallowed errors, needless indirection.
The per-file passes run with bounded --concurrency (default 4). The Claude pass reuses your existing Claude Code login — no API key or extra dependency required. Don't have Claude Code, or want a pure-regex run? Add --no-ai.
The same engine runs in two modes: against a git diff (default — judges only the changed lines) or over the whole contents of any files/directories you pass (path mode — no git history needed). See Two scan modes.
Installation
npm install -g deslopperOr use directly with npx:
npx deslopperRequirements: Node 18+. The Claude pass additionally needs the Claude Code CLI installed and logged in (claude on your PATH). Without it, deslopper automatically falls back to the regex-only engine.
Quick Start
# Hybrid scan of current branch vs main (regex + Claude)
deslopper
# Scan whole files under a path — no diff, no git history needed
deslopper src/
deslopper path/to/file.ts
# Instant regex-only scan — no model call, no cost, works offline
deslopper --no-ai
# Scan against a different base branch
deslopper -b develop
# Detect, then have Claude remove the slop it found
deslopper --fix
# Use a stronger model for deeper analysis
deslopper --model sonnet
# Just the slop score
deslopper score
# Output as JSON for CI integration
deslopper -jWhat It Detects
The regex pre-pass catches known stylistic tells:
High Severity
- Debug
console.logstatements left in code - Function entry/exit logging patterns
Medium Severity
- Generic TODO placeholders without context
- Triple null/undefined checks
- Empty catch blocks that only log errors
- Excessive function entry/exit logging
Low Severity
- Verbose obvious comments ("Initialize the variable")
- Section divider comments
- Redundant return undefined
- Explicit boolean comparisons (=== true)
- Unnecessary try-catch wrappers
- Promise.all with single promise
The Claude pass goes further, judging the diff in context to catch slop no regex can: unused variables, dead abstractions, over-engineering, bloated naming, error swallowing, and boilerplate a human would write far more tersely — while filtering out the regex pass's false positives.
Run deslopper patterns to see all regex detection rules.
Commands
| Command | Description |
|---------|-------------|
| deslopper or deslopper scan | Scan changed files for slop (hybrid by default) |
| deslopper <path...> | Scan whole files under one or more files/directories |
| deslopper patterns | List all regex detection patterns |
| deslopper score | Show slop score only (0-100) |
Two scan modes
- Diff mode (default) —
deslopper(optionally with-b <base>) reviews only what changed between your branch and the base, judging just the added lines. Best for catching slop before merge. - Path mode —
deslopper <path...>reviews the full contents of every analyzable file under the given files/directories, regardless of git history. Directories are walked recursively, skippingnode_modules,dist,.gitand the other build dirs. Best for auditing existing code or a repo you didn't write. All other flags (--no-ai,--fix,--model,--max-cost,--concurrency,score) work the same; in path mode--fixedits files in their own repo. Cost scales with the number of files, so--max-costis handy for large trees.
Options
| Option | Description |
|--------|-------------|
| -b, --base <branch> | Base branch to compare against (default: main) |
| -a, --all | Scan all lines, not just diff additions |
| --ai | Force the Claude pass on (errors if claude is missing) |
| --no-ai | Regex only — skip Claude (fast, free, offline) |
| --fix | Have Claude remove the detected slop (edits files in place) |
| --model <model> | Model for the Claude pass (default: haiku; try sonnet for depth) |
| --max-cost <usd> | Cap total spend for the scan (stops launching per-file passes once reached) |
| --concurrency <n> | Parallel per-file Claude passes (default: 4) |
| -j, --json | Output as JSON |
| -v, --verbose | Show all matches including low severity, with fix suggestions |
| -q, --quiet | Only show summary |
The default model is configurable via the DESLOP_MODEL environment variable.
Cost & Authentication
The Claude pass shells out to claude -p and reuses whatever authentication Claude Code already has — a Pro/Max subscription login, or ANTHROPIC_API_KEY. Nothing extra to configure if you already use Claude Code.
Because each changed file is its own call (plus one cross-file pass), cost scales with the number of files — roughly a few cents per file on the default haiku model. --max-cost caps the total spend for a scan (deslopper stops launching new per-file passes once the budget is reached and tells you which files it skipped); --no-ai spends nothing. --fix runs an additional pass.
Fixing slop
deslopper --fixdeslopper detects the slop, then asks Claude to remove it from the changed files — deleting obvious comments, dead code and debug logging, and simplifying defensive overkill — while preserving behavior and skipping anything risky to change automatically. Edits are applied to your working tree:
git diff # review what changed
git checkout -- <file> # undo a file if you disagree--fix only acts on Claude-confirmed findings, edits are scoped to the changed files (anything else Claude touches is reverted automatically), and it warns if your tree is dirty so its edits stay easy to review. Commit or stash first for the cleanest diff.
Security
deslopper runs a model over your diff, which may include code from untrusted branches or pull requests. The trust model:
- Detection is read-only. The Claude pass runs with file-editing and shell tools disabled, so analyzing an untrusted diff cannot modify your machine.
--fixis sandboxed. It grants Claude onlyRead/Edit;Bash,Write, and other tools are explicitly denied (an allow-list alone is not a sandbox in headless mode), edits are confined to the flagged files, and the prompt instructs the model to treat all file content as data, never instructions.
Treat --fix like any tool that edits source: review the diff before committing.
Slop Score
The slop score ranges from 0 to 100:
- 0-19: Clean code
- 20-49: Some cleanup needed
- 50+: Significant slop detected
The score weights issues by severity (high: 10, medium: 5, low: 1) and normalizes per analyzed file so larger PRs don't automatically score worse.
CI Integration
Add deslopper to your pipeline to catch slop before merge.
Fast, deterministic regex gate (no model call, no secrets):
# GitHub Actions example
- name: Check for AI slop
run: npx deslopper --no-ai --json > slop-report.json
- name: Fail if high severity
run: |
if [ $(cat slop-report.json | jq '.bySeverity.high') -gt 0 ]; then
echo "High severity slop detected"
exit 1
fiDeeper semantic review (set ANTHROPIC_API_KEY as a secret and add --ai):
- name: AI slop review
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: npx deslopper --ai --json > slop-report.jsonThe CLI exits with code 1 if high severity issues are found.
Programmatic Usage
import { analyzeChangesWithAI, calculateSlopScore, fixSlop } from 'deslopper';
// Hybrid analysis (regex + Claude)
const results = await analyzeChangesWithAI({
baseBranch: 'main',
diffOnly: true,
model: 'haiku', // optional
});
console.log(`Slop score: ${calculateSlopScore(results)}`);
console.log(`Claude: ${results.ai.summary}`);
for (const file of results.files) {
for (const match of file.matches) {
console.log(`${file.filePath}:${match.lineNumber} [${match.source}] ${match.name}`);
if (match.suggestion) console.log(` → ${match.suggestion}`);
}
}
// Or remove the slop
await fixSlop(results, { model: 'sonnet' });To scan whole files under a path instead of a diff, use analyzePathsWithAI({ paths: ['src'] }) (or the synchronous regex-only analyzePaths({ paths: ['src'] })); both return the same result shape. Prefer the regex-only diff engine (synchronous, no model call)? Import analyzeChanges instead. The low-level runClaude / isClaudeAvailable helpers are also exported.
Patterns Reference
Verbose Obvious Comments
AI often adds comments that state the obvious:
// Bad (AI slop)
// Initialize the result variable
const result = [];
// Good (human style)
const result = [];Triple Null Checks
AI tends to be overly defensive:
// Bad (AI slop)
if (value !== null && value !== undefined && value !== '') {
// ...
}
// Good (human style)
if (value) {
// ...
}Debug Logging
AI frequently leaves debug statements:
// Bad (AI slop)
console.log('DEBUG: entering function');
console.log('TEMP: value is', value);
// Good (human style)
// No debug logs in production codeEmpty Catch Blocks
AI wraps everything in try-catch:
// Bad (AI slop)
try {
const data = JSON.parse(str);
} catch (error) {
console.error('Error parsing JSON:', error);
}
// Good (human style - if you need try-catch)
try {
const data = JSON.parse(str);
} catch (error) {
throw new ParseError(`Invalid JSON: ${error.message}`);
}Why "Slop"?
The term "slop" emerged in developer communities to describe AI-generated code that technically works but has telltale signs of non-human origin: over-engineered, overly defensive, excessively commented, and stylistically inconsistent with human-written code.
Slop isn't necessarily buggy - it's just... sloppy. It clutters codebases, obscures intent, and creates maintenance burden. This tool helps you catch it early — and now, with Claude in the loop, it understands the code well enough to tell real slop from the false alarms.
Contributing
Found a slop pattern that should be detected? Open an issue or PR with:
- Example of the slop pattern
- Why it's typically AI-generated
- Suggested regex or detection logic (for the pre-pass), or a description of the semantic signal (for the Claude pass)
Credits
deslopper builds on the original deslop by Nader Dabit — its regex slop-detection engine and CLI scaffold. deslopper adds the hybrid Claude pass, whole-file/directory scanning, the --fix workflow, and budget controls.
License
MIT — © 2026 Nader Dabit (original deslop), © 2026 Ivor Padilla (deslopper).
