npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

gohorse-score

v0.1.0

Published

Lightweight CLI tool that scans Java repositories and produces a legacy modernization diagnostic report

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

flavioneubauerflavioneubauer

Keywords

javalegacymodernizationarchitecturescannercli

Readme

🐎 GoHorse Score

GoHorse Score is a lightweight CLI tool that scans Java repositories and produces a legacy modernization diagnostic report.

It helps engineers and architects understand:

  • how outdated the stack is
  • architectural risks
  • structural hotspots
  • CRUD coverage and feature complexity
  • shared dependencies and coupling
  • testing maturity

The tool runs offline and never uploads code.

Inspired by the famous Brazilian engineering philosophy:

"Go Horse Programming" 🐎

Why this tool exists

Many enterprise Java systems accumulate years of technical debt.

Common symptoms:

  • giant classes
  • legacy frameworks
  • missing tests
  • tightly coupled dependencies
  • incomplete CRUDs scattered everywhere

GoHorse Score gives a quick architectural diagnosis.

Example

🐎 GoHorse Score

GoHorse Score: 42 / 100 (higher = worse)
Classification: Smelly

Key Findings

• Java 8 runtime detected
• 37 classes larger than 1000 lines
• Controllers calling repositories directly
• Test coverage extremely low

Installation

Run directly with npx:

npx gohorse-score

Or install globally:

npm install -g gohorse-score

Usage

From the root of a Java repository:

gohorse-score

Optional:

gohorse-score --path ./project
gohorse-score --catalog ./version-catalog.json
gohorse-score --parent-pom ../parent/pom.xml

Output

The scanner generates:

legacy-report/
  summary.md
  details.json
  hotspots.md
  entity-graph.mmd
  tests.md

Metrics Analyzed

Stack & Frameworks

Detects:

  • Java version
  • Spring Boot
  • Hibernate (including XML configs, HBM mappings, dialects)
  • Quarkus
  • Java EE / Jakarta
  • JSF
  • EJB
  • Struts
  • Database (via JDBC drivers and Hibernate dialect)
  • web.xml (servlets, filters, servlet API version)

Modules / Features

Detects controllers and modules by:

  • Annotations: @RestController, @Controller, @Path, @ManagedBean, @Named
  • Class name conventions: *Controller, *Resource (covers legacy projects without annotations)
  • Struts: classes ending with Action

For each module, reports endpoint count, type (REST/JSF/Struts/other), and injected services.

CRUD Detection

Identifies CRUD operations per controller using two strategies:

REST controllers — detected via HTTP verb annotations:

| Annotation | Operation | |---|---| | @PostMapping / @POST | Create | | @GetMapping / @GET | Read | | @PutMapping / @PatchMapping / @PUT / @PATCH | Update | | @DeleteMapping / @DELETE | Delete |

JSF / Struts / Legacy controllers — detected via method name patterns (PT-BR + EN):

| Operation | Method name patterns | |---|---| | Create | save, insert, create, register, persist, store, cadastrar, salvar, inserir, adicionar, registrar, gravar, novo, criar | | Read | get, find, fetch, load, list, search, query, read, show, buscar, consultar, listar, pesquisar, carregar, exibir, mostrar, obter, detalhar | | Update | update, edit, modify, patch, change, put, merge, alterar, atualizar, editar, modificar, corrigir | | Delete | delete, remove, destroy, drop, purge, excluir, remover, deletar, apagar, inativar |

Each controller gets:

  • CRUD completeness: full (C+R+U+D), partial, or none
  • Complexity: low, medium, or high (based on endpoints, injected services, and line count)

Shared Dependencies

Aggregates service dependencies across all controllers to identify:

  • Highly coupled services — used by many controllers
  • Cross-cutting concerns — audit, notification, logging services
  • Critical dependencies — high blast radius on changes

Detected dependency suffixes (case insensitive):

*Service, *ServiceImpl, *BO, *DAO, *Facade, *Manager, *Helper, *Bean, *Delegate, *Repository, *Controle

Supports injection detection via:

  • @Autowired, @Inject (field and setter)
  • Constructor injection
  • @EJB
  • @ManagedProperty (JSF)
  • Field type matching (covers XML-wired Spring/Java EE projects with no annotations)

Code Complexity

Detects:

  • large classes (> 1000 lines)
  • large methods (> 120 lines)
  • code hotspots (risk score = lines x imports)

Architecture Violations

Detects:

  • controllers calling repositories directly (layering violation)
  • @Transactional in wrong layers

Entity Model

Detects JPA entities and relationships:

  • @Entity
  • @OneToMany
  • @ManyToOne
  • @ManyToMany
  • @OneToOne

Generates entity relationship graph (Mermaid).

Testing

Detects:

  • test presence
  • test ratio
  • test frameworks

Frameworks detected:

  • JUnit
  • Mockito
  • Spring Test
  • Testcontainers
  • RestAssured

Dependency Status

Checks project dependencies against a version catalog to identify:

  • Current versions
  • Outdated versions
  • End-of-life (EOL) dependencies

GoHorse Score

Score starts at 0 and increases with each issue found.

Higher score = more technical debt.

Penalties added for:

  • old Java versions (< 11: +15, < 17: +8)
  • legacy frameworks (Struts: +10)
  • old Servlet API (< 3.0: +10, < 4.0: +5)
  • large classes (+1 each, max 15)
  • large methods (+1 each, max 10)
  • missing tests (+15) or low test ratio (+10)
  • layering violations (+8)
  • @Transactional misuse (+5)
  • legacy HBM XML mappings (up to +8)
  • EOL dependencies (up to +25)
  • outdated dependencies (up to +10)

Score Levels

| Score | Classification | |-------|---------------| | 0–20 | Clean | | 21–40 | Acceptable | | 41–60 | Smelly | | 61–80 | GoHorse | | 81–100 | Extreme GoHorse |

Philosophy

This tool intentionally avoids:

  • heavy static analysis
  • compilation
  • dependency resolution
  • AI analysis

Instead it focuses on fast architectural heuristics.

Roadmap

Future improvements may include:

  • HTML dashboard
  • CI integration
  • deeper dependency analysis
  • modernization roadmap generator

License

MIT

Disclaimer

This tool is intended for diagnostic purposes only.

It does not replace architectural review by experienced engineers.