30 open-source projects similar to uber/nullaway, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best NullAway alternative.
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
SpotBugs is a static analysis tool and bytecode analyzer for Java applications. It scans compiled class files to identify bugs, security vulnerabilities, and performance issues without executing the code. The system functions as both a bug detector and a static application security testing tool to locate logical errors and API misuse. The project distinguishes itself through a plugin-based detector architecture that allows the integration of external libraries to add custom detection rules. It provides specialized security auditing for vulnerabilities such as SQL injection, cross-site scripti
Credo is a static analysis tool and linter for Elixir. It functions as a code quality analyzer that scans source code to identify stylistic inconsistencies, common mistakes, and potential security vulnerabilities. The tool provides a customizable framework for defining and testing specialized rules to enforce project-specific coding standards. It identifies complex code fragments and duplication to highlight opportunities for refactoring and simplification. Its capabilities cover automated code reviews, the enforcement of Elixir coding standards, and real-time developer feedback through edit
Flake8 is a Python style checker and static analysis tool that identifies programmatic errors and violations of coding standards in source files. It serves as a linting wrapper that aggregates multiple checkers into a single interface, functioning as a pluggable framework for Python code analysis. The tool incorporates a cyclomatic complexity analyzer to measure the logical complexity of functions and identify code that requires refactoring. It is designed for extensibility, allowing the integration of custom plugins and rules through defined entry points. The system provides capabilities fo
This is a static analysis linter and code quality tool for Go. It analyzes source code to identify common coding errors, style mistakes, and inconsistencies with language conventions. The tool is designed for integration with text editors and integrated development environments, exporting linting results in formats that support quickfix menus. Its capabilities include Go static analysis and source code quality assurance across files and packages. The system utilizes a static analysis pipeline and rule-based pattern matching to identify structural patterns that violate predefined coding stand
Reek is a static code analyzer for Ruby projects designed to identify design flaws and maintainability issues known as code smells. It functions as a quality assurance tool that inspects source code without executing it to find structural weaknesses and architectural debt. The analyzer identifies specific patterns such as large classes, long methods, and uncommunicative naming. It also detects more complex design issues, including feature envy, data clumps, simulated polymorphism, and control coupling. The tool includes capabilities for issue baselining to manage legacy code and configuratio
Haxe is a statically typed, multi-target programming language and open-source compiler toolkit that translates a single codebase into native executables and scripts for JavaScript, C++, C#, Java, Python, Lua, PHP, and Flash targets. It provides a unified type system with automatic type inference, a compile-time macro system for code transformation and generation, conditional compilation directives, and a static analysis engine that enforces null safety and eliminates dead code to produce smaller, safer outputs. The language is supported by the HashLink virtual machine, which executes platform
PHP-Parser is a tool that converts PHP source code into an abstract syntax tree for static analysis and programmatic manipulation. It functions as a parser, a code generator, and a static analysis framework. The project enables the programmatic construction of abstract syntax tree nodes through a fluent interface and provides the ability to transform these trees back into formatted source code. It includes a serializer that exports abstract syntax trees to JSON format and reconstructs them from strings. The toolset covers several capability areas, including namespace resolution, constant exp
Error Prone is a static code analyzer and Java compiler extension that identifies common programming mistakes during the build process. It functions as a compiler wrapper that flags potential errors as compile-time failures to prevent bugs from reaching execution. The tool integrates directly into the Java compilation workflow to provide compile-time validation. It allows for the definition of custom linting rules and analysis checks to enforce specific coding standards and detect prohibited API usage. The system utilizes abstract syntax tree analysis and type-aware pattern matching to inspe
PMD is a multi-language static code analyzer used to identify programming flaws, unused variables, and dead code without executing the program. It functions as a code smell detector and coding standard enforcer, ensuring source code adheres to specific naming conventions, structural requirements, and project style guides. The project features an XPath-based rule engine that allows users to define custom analysis patterns using queries against an abstract syntax tree. It also includes a copy-paste detector to identify duplicated code blocks across multiple files and a visual rule designer for
p3c is a Java static analysis tool and code quality linter designed to enforce professional coding guidelines and quality standards. It utilizes a set of custom rules based on the PMD engine to scan source code for style violations, performance bottlenecks, and potential bugs. The project is distributed as an IDE linting plugin that provides real-time feedback and warnings during development. It also includes functionality for pre-commit code quality gates, allowing modified files to be scanned and blocked if they violate defined rules before being committed to version control. The analysis
Infer is a static analysis toolset for Java, C, C++, and Objective-C designed to detect memory leaks, null dereferences, and resource bugs. It functions as a multi-language bug finder that identifies race conditions, deadlocks, and memory safety issues by translating source code into a common intermediate representation for analysis. The project distinguishes itself through an inter-procedural data flow analyzer that tracks movement between sources and sinks to detect tainted flows and generate data flow graphs. It also includes a framework for verifying temporal properties and reachability u
go-tools is a collection of utilities for Go static analysis and memory layout optimization. It provides a toolset designed to analyze source code to detect bugs and dead code, alongside specialized tools for optimizing how structs are arranged in memory. The project includes a memory alignment visualizer to display physical memory layouts and padding, as well as a struct layout optimizer that reorders fields to minimize memory padding. Additionally, it provides a boilerplate generator to automate the creation of registration and test files required for developing custom Go analyzers. The to
Typeshed is a collection of static type definitions and stubs for the Python standard library and third-party packages. It serves as a standardized resource for static analyzers and integrated development environments to validate code correctness and provide type-based code completion without modifying the original source code of the libraries. The project focuses on the creation and maintenance of external type hint files that separate type annotations from runtime implementation. It utilizes a system for versioning and mapping these stubs to specific versions of runtime packages to maintain
code2flow is a static program flow mapper and source code call graph generator. It analyzes source code to produce visual flow diagrams that map function call relationships and execution paths. The project includes an asynchronous call trace visualizer that follows execution paths through async and await calls to map the logic of asynchronous programs. It also provides a programmable code analysis interface, allowing the call graph generation logic to be integrated into other software applications. The system handles static code analysis by converting source code into abstract syntax trees t
Pylint is a static code analyzer for Python that scans source code for errors, coding standard violations, code smells, and type-related issues without executing the program. It functions as a plugin-based linter framework, allowing users to extend its analysis capabilities with custom or third-party checks for project-specific rules and framework support. The tool also includes a duplicate code detector that identifies identical or near-identical code blocks across a project to help reduce redundancy. Beyond its core linting functionality, Pylint can generate UML class and package diagrams f
JSHint is a JavaScript static analysis tool and linter designed to detect errors and enforce coding standards. It functions as a syntax validator that scans source code to identify potential logic problems and programming mistakes before the code is executed. The tool provides a command line interface for analyzing files and directories. It supports the export of analysis results into standardized formats such as Checkstyle for integration with external build tools. Analysis is managed through a system of linting rule management and environment global configuration. This includes the ability
This project is a CSS linter and static analysis tool designed to identify syntax errors, logic flaws, and problematic patterns in Cascading Stylesheets. It functions as a command line validator that verifies code quality and enforces consistent styling and coding standards without requiring a web browser. The analyzer distinguishes itself by incorporating web accessibility auditing to detect patterns that hinder users with disabilities. It also performs browser compatibility checking to identify non-standard hacks and missing vendor prefixes, and provides performance optimization analysis to
Bandit is a static analysis security testing tool and vulnerability detection scanner for Python source code. It functions as a security-focused linter and static analyzer that identifies common vulnerabilities and architectural flaws without executing the program. The tool utilizes an abstract syntax tree to analyze code patterns and identifies risky function calls or insecure configurations. It employs a plugin-based rule engine to decouple scanning logic from individual security checks and supports configuration-driven filtering to exclude specific files or ignore certain warnings. The sy
Pytype is a static code analysis tool and type inference engine for Python. It functions as a static type analyzer that detects type mismatches and verifies type annotations without requiring full manual hinting, while also serving as a type stub generator for producing standalone definition files. The project distinguishes itself by automatically determining variable and function types through an analysis of code patterns and assignments. This inference engine allows for structural code verification and the generation of type stubs that describe the interfaces of modules and functions. The
Standard is a suite of static analysis tools for JavaScript, comprising a linter, formatter, and a predefined style guide. It functions as a static code analyzer that scans source code for style violations and potential errors without executing the program. The project provides an automatic code fixer that rewrites source code to resolve formatting issues and enforce syntax consistency. It implements a standardized set of rules for JavaScript formatting and syntax to ensure a uniform appearance across different projects. The system covers a wide range of static analysis capabilities, includi
Standard is a zero-configuration static analyzer, linter, and formatter for JavaScript. It functions as a style guide that enforces consistent coding rules and identifies programming errors without requiring manual configuration files. The tool distinguishes itself by providing an automatic code fixer that scans source files to correct style violations and ensure a uniform codebase. It implements a predefined rule set to eliminate the need for project-specific configuration. The project covers a broad range of static analysis capabilities, including support for experimental language syntax a
Identifies and prioritizes God Classes Highly Coupled classes, and Class Cycles in Java codebases you should refactor first.
Mix tasks to simplify use of Dialyzer in Elixir projects.
This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements. The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
Vulture is a static analysis tool and linter designed to find unused variables, functions, and classes in Python source code. It operates as a dead code detector and unused code finder that scans source files to identify unreachable expressions and imports without executing the code. The tool employs a confidence-based heuristic scoring system to assign probability values to detections, helping to distinguish truly unused symbols from potential false positives. It further assists in pruning dead logic by sorting detected unused classes and functions by line count to prioritize the removal of
c3c is the compiler for the C3 programming language, transforming source code into executable binaries, static libraries, or dynamic libraries using an LLVM backend. It implements a system based on result-based error handling, scoped memory pooling, and a semantic macro system. The compiler provides first-class support for hardware-backed SIMD vectors that map directly to processor instructions and enables runtime polymorphism through interface-based dynamic dispatch. The project covers a broad set of low-level capabilities, including manual and pooled memory management, inline assembly inte
Phan is a static analyzer and type checker for PHP that identifies bugs and type incompatibilities without executing the code. It serves as a quality gate for continuous integration pipelines and a tool for verifying type safety, specifically checking union types, generics, and array shapes. The project is distinguished by its use of a background daemon and Language Server Protocol implementation, which provide real-time diagnostics and navigation within editors. It also features a baseline-based suppression system that allows developers to record existing errors in a snapshot file to focus e
This project is a high-performance static type checker and comprehensive development toolkit for Python. It functions as a core analysis engine that identifies type inconsistencies and enforces code correctness, while simultaneously providing a language server implementation to deliver real-time diagnostics and intelligence directly within development environments. The tool distinguishes itself through a parallelized execution engine that maximizes performance across large-scale codebases and monorepo structures. It supports gradual type adoption, allowing developers to integrate type checkin