Dead Code Analyzer for ServiceNow


A powerful static analysis tool that identifies unused (dead) code in your ServiceNow scoped applications. Analyzes JavaScript from XML files, detects method definitions and usage patterns, and generates detailed reports to help you maintain a clean, efficient codebase.

🎯 Why Use This Tool?

- Improve Code Quality: Remove unused methods and reduce technical debt
- Faster Development: Easier navigation and understanding of active code
- Better Performance: Less code to load and maintain
- Reduced Risk: Identify and remove potentially vulnerable unused code
- Compliance: Meet code quality standards and audit requirements

✨ Features

- Comprehensive Analysis: Scans all ServiceNow XML files including Script Includes, Business Rules, UI Actions, and more
- Smart Detection: Uses Babel AST parsing for accurate JavaScript analysis
- ServiceNow Patterns: Recognizes Class.create(), lifecycle methods, and ServiceNow-specific code patterns
- Recursive Scanning: Analyzes nested directories and all XML-embedded JavaScript
- JavaScript Everywhere: Extracts and validates JavaScript from XML fields, CDATA sections, and attributes
- Detailed Reports: Generates actionable reports with line numbers, method details, and statistics
- Zero Configuration: Works out of the box with sensible defaults
- Fast: Analyzes hundreds of files in seconds

📋 Prerequisites

- Node.js 18 or higher
- ServiceNow XML export files from your scoped application

🚀 Quick Start

$3

``bash


Install globally

npm install -g dead-code-analyzer

Or use with npx (no installation needed)

npx dead-code-analyzer
`

$3

`bash


Analyze current directory

dead-code-analyzer

Analyze specific folder

dead-code-analyzer /path/to/servicenow/update

Analyze with custom output location

dead-code-analyzer my-app -o ./reports/dead-code-report.txt

Enable debug logging

dead-code-analyzer my-app -l debug
`

$3

`bash


1. Export your ServiceNow application

- In ServiceNow, go to System Applications > Studio

- Select your application

- Export to XML (Source Control > Export to XML)

2. Navigate to the exported update folder

cd ~/Downloads/my-app-export/update

3. Run the analyzer

dead-code-analyzer

4. Review the generated report

cat dead-code-report.txt

5. Clean up identified dead code

- Review each method carefully

- Remove unused private methods first

- Test thoroughly after each removal

`

💡 Real-World Example

Let's say you have a ServiceNow scoped application with 50+ Script Includes:

`bash


Navigate to your application's update directory

cd ~/projects/my-incident-app/update

Run the analyzer

dead-code-analyzer

Output shows:

✓ Found 50 XML files

✓ Extracted 45 Script Includes

✓ Detected 250 methods

✗ Found 35 potentially unused methods (14%)

#

Report saved to: dead-code-report.txt

`

Results:
- Identified 35 unused methods across 12 files
- Removed 20 private helper methods safely
- Reviewed 15 public methods with team
- Cleaned up 400+ lines of dead code
- Improved code maintainability and reduced technical debt

📖 Usage

$3

`
dead-code-analyzer [path] [options]

Arguments:
path Path to folder containing ServiceNow XML files
(default: current directory)

Options:
-o, --output Output file for the report (default: ./dead-code-report.txt)
-l, --log-level Log level: debug, info, warn, error (default: info)
-h, --help Show help message
`

$3

The analyzer generates a comprehensive text report showing:

`
============================================================
ANALYSIS SUMMARY
============================================================

📁 Files Analyzed: 410
📊 Total Methods: 171
✓ Methods Used: 617
✗ Dead Methods: 36 (21.05%)
- Private: 9
- Public: 27
📉 Dead Code Lines: ~349 lines
`

🔍 What Gets Analyzed

The tool analyzes JavaScript code from all ServiceNow XML files, including:

- Script Includes (sys_script_include)
- Business Rules (sys_script)
- UI Actions (sys_ui_action)
- Scheduled Scripts (sysauto_script)
- Fix Scripts (sys_script_fix)
- Client Scripts (sys_script_client)
- UI Policies (sys_ui_policy)
- Workflow Scripts and more

$3

Method Definitions:
- Prototype methods: MyClass.prototype.myMethod = function() {}
- Object methods: { myMethod: function() {} }
- Function declarations: function myMethod() {}
- Arrow functions: const myMethod = () => {}
- Private methods (starting with _)

Method Usage:
- Direct calls: myMethod()
- Member calls: this.myMethod(), obj.myMethod()
- Constructor calls: new MyClass()
- Chained calls: obj.method1().method2()
- Dynamic references in strings

$3

The tool automatically excludes:
- Client-callable methods (marked as client_callable)
- ServiceNow lifecycle methods (initialize, type, constructor)
- Methods from external libraries
- Dynamically invoked methods (when detected)

📊 Sample Report

`
================================================================================
SERVICENOW DEAD CODE ANALYSIS REPORT
================================================================================

Generated: November 6, 2025, 10:45 AM
Files Analyzed: 410
Analysis Duration: 0.93s

================================================================================
POTENTIALLY DEAD METHODS
================================================================================

File: MyScriptInclude.js (sys_script_include)
Class: MyScriptInclude
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

[PRIVATE] _helperMethod()
Location: Lines 45-52 (8 lines)
Type: object
Reason: No references found

[PUBLIC] unusedMethod()
Location: Lines 78-95 (18 lines)
Type: object
Reason: No references found

⚠️ RECOMMENDATION: Review private methods first - they're safer to remove
`

⚠️ Important Considerations

$3

The analyzer uses static analysis and may flag methods as dead that are actually used in ways it cannot detect:

- Dynamic invocation: Methods called via eval(), window[methodName](), or computed properties
- Framework callbacks: ServiceNow may call methods based on naming conventions
- External integrations: REST APIs, SOAP endpoints, or integration hub actions
- Client-side code: Methods invoked from UI Pages, widgets, or portal pages
- Reflection patterns: Methods accessed through GlideRecord.getValue() or similar

$3

✅ DO:
- Review each flagged method carefully before deletion
- Start with private methods (prefixed with _) - they're safer to remove
- Run comprehensive tests after removing any code
- Use version control and create a backup before cleanup
- Search globally for the method name (including in UI Actions, client scripts, etc.)
- Consider marking methods as @deprecated before removing

❌ DON'T:
- Delete all flagged methods without review
- Remove public methods without stakeholder approval
- Skip testing after code removal
- Forget to check for REST/SOAP/IntegrationHub usage

🔧 Advanced Usage

$3

`bash


Generate report in specific directory


dead-code-analyzer ~/my-app -o ~/reports/cleanup-$(date +%Y%m%d).txt
`

$3

`bash


See detailed analysis information


dead-code-analyzer my-app -l debug
`

$3

`bash


Add to your build pipeline

npx dead-code-analyzer /path/to/exported/xml -o build/dead-code-report.txt

Check if dead code percentage exceeds threshold

(requires custom scripting around the tool)

`

🔧 Troubleshooting

$3

Problem: The analyzer didn't find any XML files.

Solutions:
- Verify you're in the correct directory (should contain .xml files)
- Check if files are exported correctly from ServiceNow
- Use absolute path: dead-code-analyzer /full/path/to/update
- Enable debug logging: dead-code-analyzer -l debug

$3

Problem: Some JavaScript files have syntax errors.

Solutions:
- Review the list of failed files in the output
- Check if those files have valid JavaScript
- These files will be skipped, but analysis continues
- Fix syntax errors in ServiceNow and re-export

$3

Problem: Methods you know are used are flagged as dead.

Possible causes:
- Methods called dynamically or via eval
- Methods used in client-side scripts
- External API endpoints
- IntegrationHub actions

Solutions:
- Review carefully - these may be special cases
- Document why they're kept if flagged as dead
- Consider adding comments in code: // Used by IntegrationHub

$3

Problem: Analysis is slow on large codebases.

Solutions:
- Analyze specific subdirectories first
- Use SSD storage for faster file I/O
- Close other applications to free memory
- Consider analyzing in smaller batches

🤝 Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

$3

- Follow existing code patterns (SOLID principles, design patterns)
- Add tests for new features
- Keep files under 500 lines
- Use comprehensive logging
- Update documentation

🐛 Known Limitations

- Dynamic method calls: Cannot detect methods invoked via eval()` or computed properties
- Cross-scope calls: May miss methods called from different scoped applications
- Client-side usage: Cannot analyze methods called from UI scripts or portal widgets
- External systems: Cannot detect usage from REST/SOAP clients or external integrations
- GlideRecord patterns: Some ServiceNow-specific patterns may not be fully recognized
- Parse errors: Files with syntax errors will be skipped

📚 Resources

- ServiceNow Scripting Best Practices
- JavaScript Static Analysis
- Babel Parser Documentation

📄 License

MIT License - see LICENSE file for details

💬 Support

- Issues: Report bugs or request features on GitHub Issues
- Questions: For usage questions, please check existing issues first
- Community: Share your experience and help others

🙏 Acknowledgments

Built for the ServiceNow developer community to help maintain clean, efficient code.

---

Made with ❤️ for ServiceNow Developers