30 open-source projects similar to classgraph/classgraph, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Classgraph alternative.
Depends is a fast, comprehensive code dependency analysis tool
A multi-language tool which parses source code for function definitions and calls
Dependency analysis and optimization toolkit for modern JavaScript and TypeScript codebases. Enforce dependency graph hygiene and remove unused code with a very fast CLI.
Sourcetrail is an interactive source code explorer and visualizer designed for indexing and navigating relationships between symbols and structures across large, multi-language codebases. It functions as a static analysis indexer and code dependency visualizer that maps calls and dependencies between source files to help reveal project architecture. The tool enables multi-language project analysis by using a language-agnostic indexing system to track symbols across different programming languages within a single interface. It allows for the discovery of software architecture and the explorati
Hutool is a standard utility library for Java application development designed to simplify common programming tasks and reduce boilerplate code. It provides a comprehensive collection of reusable helper classes and static utilities to streamline development across the Java ecosystem. The project implements a wide array of specialized toolkits, including systems for cryptography and security, network communication via HTTP and JSON clients, and the processing of office documents and file system IO. It also features a concurrency and scheduling framework for managing asynchronous tasks and recu
This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibilit
High performance Java reflection
Tools for code analysis, visualizations, or style-preserving source transformation.
CodeQL is a semantic code analysis engine and vulnerability scanning tool that treats source code as data. It utilizes a static analysis query language to define complex patterns and security vulnerabilities within a code graph database. The system represents source code as a relational database, enabling the execution of structural queries and data flow analysis. This approach allows for the detection of security flaws and coding errors across large-scale repositories. The tool provides capabilities for automated code auditing, static analysis security testing, and custom vulnerability dete
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Sqlvet performs static analysis on raw SQL queries in your Go code base to surface potential runtime errors at build time.
jOOR - Fluent Reflection in Java jOOR is a very simple fluent API that gives access to your Java Class structures in a more intuitive way. The JDK's reflection APIs are hard and verbose to use. Other languages have much simpler constructs to access type meta information at runtime. Let us make Java reflection better.
Language agnostic linter that keeps your code and documentation in sync and valid
ApplicationInspector is a multi-language static analysis tool designed to detect specific features and characteristics within source code. It utilizes a declarative JSON rules engine to identify patterns and structural tags across project directories without requiring the analyzer to be recompiled. The system distinguishes itself through a code version differ that compares two different source paths to report changes in detected features. It also provides utilities for creating and validating custom JSON-based rules, including a validation pipeline to verify syntax and identifier uniqueness.
DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.
todocheck is a static code analyzer for annotated TODO comments.
Quick automated code review of your changes
Reflections is a Java classpath scanning library and metadata indexer designed to locate classes, methods, and resources at runtime. It functions as a tool for annotation discovery and type hierarchy analysis, allowing the system to identify elements marked with specific annotations or to resolve super-types and subtypes within the Java virtual machine. The project distinguishes itself through metadata serialization, providing mechanisms to save the scanned index to persistent files or source code. This capability reduces application startup overhead by eliminating the need for repeated, expe
A simple code complexity analyser without caring about the C/C++ header files or Java imports, supports most of the popular languages.
Ale is a Neovim LSP client and asynchronous linter wrapper designed to integrate language servers and syntax checkers into the editor. It provides infrastructure for background syntax validation and automated code fixing without blocking the editor interface. The project implements the Language Server Protocol to enable advanced semantic navigation, including symbol renaming, definition jumping, and the application of automatic refactoring changes. It functions as an automatic code fixer that applies formatting and repairs based on feedback from linting tools and language servers. The plugin
T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
oxc is a high-performance JavaScript toolchain developed in Rust for parsing, transforming, and analyzing JavaScript and TypeScript source code. It provides a set of core utilities including a parser that converts code into an abstract syntax tree, a linter for identifying problematic patterns, a formatter for standardizing visual style, and a minifier for reducing production file sizes. The project focuses on high-performance execution through a system design that utilizes single-pass parsing, zero-copy string slicing, and parallel worker processing to handle large codebases. It further opti
Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes.
Undebt is a fast, straightforward, reliable tool for performing massive, automated code refactoring used @Yelp. Undebt lets you define complex find-and-replace rules using standard, straightforward Python that can be applied quickly to an entire code base with a simple command.
Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co
🐊 Pluggable and configurable JavaScript Linter, code transformer and formatter with superpowers 💪: built-in support of js, jsx, ts, markdown, yaml, toml, json and ignore. Write declarative codemods in a simplest possible way 😏
The Microsoft.CodeAnalysis.NetAnalyzers package moved into the dotnet/sdk repository for further development and respond to issues formerly in this repository.
Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantaco.github.io/skylos/repo-map/