git-repo-analyzer-package

v1.0.0

Scan GitHub repositories and generate quality reports analyzing code quality, vulnerabilities, code review metrics, and performance

Command-line tool to analyze GitHub repositories using SonarCloud-backed metrics, optional OpenAI deep analysis, and PDF export.

Description

git-repo-analyzer-package runs a repository analysis pipeline: it resolves an owner/repo (or GitHub URL), fetches quality data via the bundled SonarCloud flow, and can optionally run a second stage that uses the OpenAI API. Results are written as a PDF under a reports directory in the current working directory. You can also save the generated report object as JSON.

The CLI prints progress and status to the terminal; it does not require OpenAI to complete a run when OPENAI_API_KEY is unset (Sonar-only path).

Installation

npm install -g git-repo-analyzer-package

Or run without a global install:

npx git-repo-analyzer-package <owner/repo> [options]

Usage

npx git-repo-analyzer-package <owner/repo> [options]

The first argument is required: either owner/repo or a GitHub HTTPS URL. Invalid input causes the process to exit with a non-zero code.

Examples

npx git-repo-analyzer-package facebook/react
npx git-repo-analyzer-package owner/repo --security
npx git-repo-analyzer-package owner/repo --no-ai

If you pass no arguments, the CLI prints a short usage line and exits with code 1.
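The input rule above (owner/repo or a GitHub HTTPS URL, anything else rejected) matters because the resolved names later end up in the reports/<owner>-<repo>-<timestamp>.pdf path. The following is an added example, not the package's own parser, of a strict resolver for that argument. The function names, the name patterns (which approximate GitHub's naming rules) and the timestamp format are assumptions.

```javascript
// Added example: NOT the package's own code. The patterns below are
// assumptions that approximate GitHub's owner and repository naming rules.
const OWNER_RE = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$/;
const REPO_RE = /^[A-Za-z0-9._-]{1,100}$/;

// Accepts "owner/repo" or "https://github.com/owner/repo[.git][/]".
// Returns { owner, repo }, or null for anything else.
function resolveRepo(input) {
  if (typeof input !== 'string') return null;
  let path = input.trim();
  if (/^[a-z][a-z0-9+.-]*:/i.test(path)) {
    let url;
    try { url = new URL(path); } catch { return null; }
    // Exact scheme and host match: rejects http://, look-alike hosts,
    // embedded credentials and non-default ports.
    if (url.protocol !== 'https:' || url.hostname !== 'github.com') return null;
    if (url.username || url.password || url.port) return null;
    path = url.pathname.replace(/^\/+|\/+$/g, '');
  }
  const parts = path.split('/');
  if (parts.length !== 2) return null; // no extra path segments
  const owner = parts[0];
  const repo = parts[1].replace(/\.git$/i, '');
  if (!OWNER_RE.test(owner) || !REPO_RE.test(repo)) return null;
  if (repo === '.' || repo === '..') return null; // never a directory reference
  return { owner, repo };
}

// Builds the report file name from validated parts only, so the result
// always stays inside reports/. The timestamp format is an assumption.
function reportPath(target, now = new Date()) {
  const stamp = now.toISOString().replace(/[:.]/g, '-');
  return `reports/${target.owner}-${target.repo}-${stamp}.pdf`;
}
```

A caller would exit with a non-zero code when resolveRepo returns null, matching the behaviour described above.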

CLI options

| Option | Description |
|--------|-------------|
| --no-ai | Skips the optional OpenAI analysis stage entirely. |
| --accessibility | When OpenAI is used, limits analysis to the accessibility-related option set (see below). |
| --security | When OpenAI is used, limits analysis to security, vulnerabilities, dependencies, and risk options. |
| --performance | When OpenAI is used, limits analysis to performance and database query efficiency options. |
| --code-quality | When OpenAI is used, limits analysis to code quality, complexity, style, and maintainability options. |
| --output <path> | Writes the generated report object to the given file path as JSON. |

Aliases (equivalent to the long flags above)

| Short | Long |
|-------|------|
| -a | --accessibility |
| -s | --security |
| -p | --performance |
| -c | --code-quality |

Default OpenAI scope

If OPENAI_API_KEY is set, --no-ai is not passed, and none of the flags above are present, the CLI uses a fixed full list of OpenAI analysis labels (broad “full report” style). If one or more of the flags are present, the combined mapped labels replace that list. Flags only affect the OpenAI stage, not the SonarCloud step.

Environment setup

OpenAI (optional AI stage)

| Variable | Purpose |
|----------|---------|
| OPENAI_API_KEY | Required for the optional OpenAI analysis. If unset or empty, the tool runs without that stage (Sonar path still runs). |

No API keys are bundled with the package. Keys are read from the environment. The CLI loads a .env file from the current working directory (via dotenv), if present, so you can set variables there instead of the shell.

Examples:

macOS / Linux

export OPENAI_API_KEY=your_api_key_here
npx git-repo-analyzer-package owner/repo

Windows (user environment, new shells)

setx OPENAI_API_KEY "your_api_key_here"

SonarCloud

Quality metrics depend on the SonarCloud integration in the library (for example, SONAR_TOKEN and related organization or project settings). Configure these according to your deployment; the CLI does not print a separate Sonar “wizard.”

GitHub (private repositories)

If your workflow needs authenticated GitHub access for parts of the stack, use a GITHUB_TOKEN (or the mechanism your environment documents). The minimal CLI only passes owner/repo and does not accept a token flag on the command line.

Examples

# Sonar path only (no OpenAI) — omit or unset OPENAI_API_KEY
npx git-repo-analyzer-package octocat/Hello-World --no-ai

# OpenAI with a focus on security (API key set)
npx git-repo-analyzer-package owner/repo --security

# Save report JSON
npx git-repo-analyzer-package owner/repo --output ./report.json

Output

  • Standard output: Progress and status lines (for example, analysis and PDF steps).
  • PDF: reports/<owner>-<repo>-<timestamp>.pdf under the current working directory (the reports folder is created if needed).
  • JSON (optional): If you pass --output <path>, the CLI writes the report object (the report field from the internal analysis result) as formatted JSON to that path.

Illustrative metrics (illustration only; real values depend on SonarCloud and project data)

If Sonar data is available, a report may include quality scores and issue counts. Example shape:

| Field | Example |
|-------|---------|
| Overall score (0–10 scale, when present) | 8.5 |
| Bugs | 2 |
| Vulnerabilities | 1 |
| Code smells | 30 |

When the OpenAI stage runs successfully, the PDF and optional JSON can incorporate AI narrative sections (for example, improvement suggestions), depending on the PDF generator and payload.

Notes

  • OpenAI is optional. Without OPENAI_API_KEY, the OpenAI stage does not run, and the tool still performs the SonarCloud analysis path where configuration allows.
  • A working network is required for remote services (GitHub, SonarCloud, and OpenAI when used).
  • Public repositories are the straightforward case. Private repositories need appropriate tokens or configuration on your side; the global CLI does not add interactive credential prompts.
  • The exit code is non-zero on analysis or PDF errors.