JSPM

@ramnalawade1986/comprehensive-code-analyzer

0.0.2
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 5
  • Score
    100M100P100Q26746F
  • License MIT

A comprehensive TypeScript/JavaScript code analyzer with SonarQube-style quality analysis, security scanning, and GDPR compliance checking

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@ramnalawade1986/comprehensive-code-analyzer) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Comprehensive Code Analyzer

    A powerful, extensible TypeScript/JavaScript code analyzer that provides SonarQube-style quality analysis, security scanning, and GDPR compliance checking.

    Features

    🔍 Quality Analysis

    • Cyclomatic & Cognitive Complexity - Advanced complexity metrics with configurable thresholds
    • Maintainability Index - Halstead-based maintainability scoring
    • Technical Debt Assessment - Quantified technical debt in minutes
    • Code Duplication Detection - AST-based duplication analysis with refactoring suggestions
    • Documentation Coverage - JSDoc analysis with quality scoring
    • Naming Convention Validation - Configurable naming rules for functions, classes, variables

    🛡️ Security Analysis

    • Vulnerability Scanning - Detection of common security vulnerabilities
    • Secret Detection - API keys, passwords, and sensitive data detection
    • Cryptographic Analysis - Weak encryption and hashing algorithm detection
    • Input Validation - SQL injection, XSS, and other injection vulnerabilities

    📋 Compliance Checking

    • GDPR Compliance - Personal data handling and privacy compliance analysis
    • Security Standards - OWASP Top 10 compliance checking
    • Industry Standards - Configurable compliance framework support

    📊 Quality Gates

    • SonarQube-style Gates - Configurable quality thresholds
    • Rating System - A-E ratings for complexity, maintainability, and reliability
    • Metrics Dashboard - Comprehensive project health metrics

    Installation

    Global Installation

    npm install -g @aitek/comprehensive-code-analyzer

    Project Installation

    npm install --save-dev @aitek/comprehensive-code-analyzer

    Quick Start

    Command Line Usage

    # Analyze current directory
code-analyzer analyze .

# Analyze specific files
code-analyzer analyze src/components/*.ts

# Generate HTML report
code-analyzer analyze . --format html --output report.html

# Run specific analyzers only
code-analyzer analyze . --analyzers quality-analyzer,security-analyzer

# Initialize configuration file
code-analyzer init

    Programmatic Usage

    import { ComprehensiveCodeAnalyzer } from '@aitek/comprehensive-code-analyzer';

const analyzer = new ComprehensiveCodeAnalyzer();

// Analyze files
const report = await analyzer.analyze(['src/**/*.ts'], {
  analyzers: ['quality-analyzer', 'security-analyzer'],
  format: 'json',
  includeMetrics: true
});

console.log(`Found ${report.summary.totalIssues} issues`);
console.log(`Quality Rating: ${report.summary.qualityRating}`);
console.log(`Technical Debt: ${report.summary.technicalDebt} minutes`);

    Configuration

    Create a .code-analyzer.json file in your project root:

    {
  "analyzers": [
    "quality-analyzer",
    "security-analyzer",
    "vulnerability-scanner",
    "gdpr-compliance-analyzer"
  ],
  "include": ["**/*.{ts,js,tsx,jsx}"],
  "exclude": ["node_modules/**", "dist/**", "*.test.{ts,js}"],
  "thresholds": {
    "cyclomaticComplexity": 10,
    "cognitiveComplexity": 15,
    "maintainabilityIndex": 20,
    "technicalDebtRatio": 5,
    "duplicatedLinesThreshold": 3
  },
  "qualityGates": {
    "coverage": 80,
    "duplicatedLines": 3,
    "maintainabilityRating": "C",
    "reliabilityRating": "B"
  },
  "reporting": {
    "format": "json",
    "includeMetrics": true,
    "includeSuggestions": true
  }
}

    Available Analyzers

    Analyzer Description
    quality-analyzer Code quality, complexity, and maintainability analysis
    security-analyzer General security vulnerability detection
    vulnerability-scanner Known vulnerability and dependency scanning
    cryptographic-analyzer Cryptographic implementation analysis
    secret-detector Sensitive data and credential detection
    gdpr-compliance-analyzer GDPR and privacy compliance checking

    Output Formats

    JSON (Default)

    code-analyzer analyze . --format json --output report.json

    HTML Report

    code-analyzer analyze . --format html --output report.html

    Markdown

    code-analyzer analyze . --format markdown --output report.md

    SARIF (Static Analysis Results Interchange Format)

    code-analyzer analyze . --format sarif --output report.sarif

    Quality Metrics

    The analyzer provides comprehensive metrics including:

    • Cyclomatic Complexity - Measure of code complexity
    • Cognitive Complexity - Human-perceived complexity
    • Maintainability Index - Overall maintainability score
    • Technical Debt - Estimated time to fix issues
    • Code Coverage - Test coverage analysis
    • Duplication Percentage - Code duplication metrics
    • Quality Ratings - A-E ratings for different aspects

    Integration

    CI/CD Integration

    # GitHub Actions
- name: Code Analysis
  run: |
    npm install -g @aitek/comprehensive-code-analyzer
    code-analyzer analyze . --format sarif --output results.sarif
    
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: results.sarif

    Pre-commit Hook

    {
  "husky": {
    "hooks": {
      "pre-commit": "code-analyzer analyze --analyzers quality-analyzer"
    }
  }
}

    VS Code Integration

    Add to your VS Code tasks:

    {
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Analyze Code Quality",
      "type": "shell",
      "command": "code-analyzer",
      "args": ["analyze", ".", "--format", "json"],
      "group": "build",
      "presentation": {
        "echo": true,
        "reveal": "always"
      }
    }
  ]
}

    Custom Analyzers

    Extend the analyzer with custom rules:

    import { BaseAnalyzer, AnalysisResult, ParsedFile } from '@aitek/comprehensive-code-analyzer';

class CustomAnalyzer extends BaseAnalyzer {
  readonly id = 'custom-analyzer';
  readonly name = 'Custom Rules Analyzer';
  readonly description = 'Custom business logic analysis';

  async analyze(files: ParsedFile[]): Promise<AnalysisResult> {
    const issues = [];
    
    for (const file of files) {
      // Your custom analysis logic
      if (this.violatesBusinessRule(file)) {
        issues.push(this.createIssue(
          'Business Rule Violation',
          'Custom business rule violated',
          file.path,
          'Fix according to business requirements'
        ));
      }
    }
    
    return this.createAnalysisResult(issues);
  }
  
  private violatesBusinessRule(file: ParsedFile): boolean {
    // Your custom logic here
    return false;
  }
}

// Register custom analyzer
const analyzer = new ComprehensiveCodeAnalyzer();
analyzer.registerAnalyzer(new CustomAnalyzer());

    API Reference

    ComprehensiveCodeAnalyzer

    Main analyzer class for running analysis.

    Methods

    • analyze(paths: string[], options?: AnalysisOptions): Promise<AnalysisReport>
    • getAvailableAnalyzers(): string[]
    • registerAnalyzer(analyzer: Analyzer): void

    AnalysisOptions

    Configuration options for analysis.

    interface AnalysisOptions {
  analyzers?: string[];
  filePatterns?: string[];
  format?: 'json' | 'html' | 'markdown' | 'sarif';
  outputPath?: string;
  includeMetrics?: boolean;
  includeSuggestions?: boolean;
}

    AnalysisReport

    Analysis results structure.

    interface AnalysisReport {
  summary: {
    totalFiles: number;
    totalIssues: number;
    criticalIssues: number;
    highIssues: number;
    mediumIssues: number;
    lowIssues: number;
    technicalDebt: number;
    qualityRating: 'A' | 'B' | 'C' | 'D' | 'E';
  };
  results: AnalysisResult[];
  metrics?: Record<string, any>;
  timestamp: string;
  version: string;
}

    Examples

    Basic Quality Analysis

    # Analyze TypeScript project
code-analyzer analyze src/ --analyzers quality-analyzer

# Generate detailed HTML report
code-analyzer analyze . --format html --output quality-report.html

    Security Focused Analysis

    # Run security analyzers only
code-analyzer analyze . --analyzers security-analyzer,vulnerability-scanner,secret-detector

# SARIF output for security tools
code-analyzer analyze . --format sarif --output security.sarif

    GDPR Compliance Check

    # Check GDPR compliance
code-analyzer analyze . --analyzers gdpr-compliance-analyzer --format markdown --output gdpr-report.md

    CI/CD Pipeline

    # Fail build on high-priority issues
code-analyzer analyze . --analyzers quality-analyzer,security-analyzer || exit 1

    Contributing

    1. Fork the repository
    2. Create a feature branch
    3. Add tests for new functionality
    4. Ensure all tests pass
    5. Submit a pull request

    License

    MIT License - see LICENSE file for details.

    Support

    Made with ❤️ by the Aitek Development Team