🔍 Smart AST Analyzer

AI-enhanced project analysis tool that provides deep insights into your codebase. Features a powerful built-in analysis engine with optional AI enhancement. Get comprehensive analysis of API endpoints, component relationships, WebSocket events, security vulnerabilities, performance bottlenecks, code complexity, and dependency graphs.

![License: MIT](https://opensource.org/licenses/MIT)
![Node.js Version](https://nodejs.org/)
![npm version](https://www.npmjs.com/package/smart-ast-analyzer)
![Release](https://github.com/ersinkoc/smart-ast-analyzer/releases/tag/v1.0.0)

✨ Features

$3

- 🎯 AST-Based Analysis - Real Abstract Syntax Tree parsing with Babel
- 📊 Code Complexity Metrics - Cyclomatic and cognitive complexity analysis
- 📈 Dependency Graph Analysis - Circular dependency detection and visualization
- 🔍 Function & Class Analysis - Extract components, functions, hooks automatically

$3

- 🛡️ Vulnerability Detection - Identifies eval(), SQL injection, XSS risks
- 🔑 Authentication Analysis - Reviews auth patterns and security practices
- 🚨 Hardcoded Secrets Detection - Finds API keys, passwords in code
- ⚠️ Security Scoring - Comprehensive security assessment

$3

- 🎪 Bottleneck Detection - Nested loops, DOM queries in loops
- 🏗️ Architectural Analysis - Design patterns and anti-patterns
- 💾 Memory Leak Detection - Large arrays, inefficient cloning
- 🚀 Optimization Suggestions - Actionable performance improvements

$3

- 🌐 API Mapping - Discover all endpoints with Express, FastAPI, etc.
- 🧩 Component Analysis - React, Vue, Angular component relationships
- 🔌 WebSocket Events - Real-time communication patterns
- 🗄️ Database Queries - ORM models, SQL patterns, N+1 detection
- 📊 Multiple Outputs - JSON, Markdown, and interactive HTML reports

🚀 Quick Start

$3

``bash

`Global installation`


npm install -g smart-ast-analyzer
Or use directly with npx

npx smart-ast-analyzer analyze

$3

`bash

`Analyze current directory with built-in engine (recommended)`


smart-ast analyze
Analyze specific directory with deep analysis

smart-ast analyze --path ./my-project
Focus on specific analysis types

smart-ast analyze --type api          # API endpoints and security
smart-ast analyze --type components   # Component architecture
smart-ast analyze --type security     # Security vulnerabilities
smart-ast analyze --type performance  # Performance bottlenecks
Use AI enhancement (optional - requires CLI setup)

smart-ast analyze --ai gemini
smart-ast analyze --ai claude


📋 Prerequisites

- Node.js >= 14.0.0 - Dependencies - All analysis dependencies included (Babel, TypeScript parser, etc.) - Optional AI Enhancement: - Gemini CLI (gemini -y -p "prompt") - Claude Code CLI (claude "prompt @file")

`🏗️ Architecture`

The Smart AST Analyzer uses a multi-layered analysis approach:

1. BaseAnalyzer - Orchestrates all analysis types 2. ASTAnalyzer - Real AST parsing with Babel for deep code insights 3. DeepAnalysisEngine - Comprehensive complexity, security, and performance analysis 4. AIEnhancer - Optional AI-powered insights and recommendations

> Core Philosophy: Analyze deeply with built-in engines first, enhance with AI when needed.

`🎯 Analysis Types`

`$3`


AST-Powered Endpoint Discovery
- Express.js route detection (

app.get(), router.post()

, etc.)
- Middleware chain analysis and authentication patterns
- Security vulnerability scanning (SQL injection, XSS, eval())
- Request/response structure analysis
- Authentication flow mapping
$3

Deep React/Vue/Angular Inspection
- AST-based component extraction (function, class, arrow functions)
- Props and hooks analysis with TypeScript support
- Component dependency mapping
- Performance anti-pattern detection
- Dead code and unused component identification
$3

Comprehensive Vulnerability Scanning
- Critical:

eval(), setTimeout(string)

 detection
- High: SQL injection patterns in queries
- Medium: XSS via

innerHTML

 assignments
- Low: Unvalidated environment variable usage
- Hardcoded secrets detection (API keys, passwords)
$3

Bottleneck Detection & Optimization
- Nested iteration complexity (O(n²) patterns)
- DOM queries inside loops
- Large array initialization detection
- Inefficient deep cloning (

JSON.parse(JSON.stringify())

)
- Memory leak potential identification
$3

Code Quality Metrics
- Cyclomatic Complexity - Decision points and branching
- Cognitive Complexity - Human comprehension difficulty  
- Nesting Depth - Code structure complexity
- Function Length - Lines of code per function
- Class Cohesion - Single responsibility metrics
$3

Import/Export Relationship Mapping
- Circular dependency detection with path tracing
- Unused import identification
- External vs internal dependency classification
- Dependency graph visualization data
- Module coupling analysis
🛠️ Configuration
$3

`bash smart-ast analyze [options]

        Output directory (default: ./smart-ast-output)
  -f, --format      Output format: json|markdown|html|all (default: all)
  --max-files       Maximum files to analyze per category (default: 50)
  --include       Include file patterns (comma-separated)
  --exclude       Exclude file patterns (comma-separated)
  --no-cache               Disable caching
  --verbose                Verbose output
  --config           Custom config file

$3

Create a .smart-ast.json file in your project root:

`json { "ai": "mock", "analysis": { "type": "full", "maxFiles": 100, "deepAnalysis": true, "complexity": { "maxCyclomatic": 10, "maxCognitive": 15, "maxNesting": 4 }, "security": { "scanSecrets": true, "checkVulnerabilities": true }, "exclude": [ "node_modules/**", ".git/**", "dist/**", "build/**", "*.min.js" ] }, "output": { "format": "all", "directory": "./smart-ast-output", "includeSourceMaps": false } }`

`📊 Output Examples`

`$3`

json
{
  "projectInfo": {
    "framework": "react",
    "language": "javascript", 
    "totalFiles": 45,
    "totalLines": 12843
  },
  "deepAnalysis": {
    "complexity": {
      "overall": { "score": 12, "rating": "moderate" },
      "functions": [
        {
          "name": "processData",
          "cyclomatic": 15,
          "cognitive": 23,
          "warnings": ["High cognitive complexity"]
        }
      ]
    },
    "security": {
      "score": 75,
      "vulnerabilities": [
        {
          "type": "dangerous-eval",
          "severity": "critical",
          "file": "src/utils.js",
          "line": 42
        }
      ]
    },
    "dependencies": {
      "cycles": ["src/a.js -> src/b.js -> src/a.js"],
      "external": ["react", "lodash"],
      "internal": ["./utils", "./config"]
    }
  },
  "recommendations": [
    "🔴 Critical: Refactor complex functions",
    "🔴 Security: Fix 3 critical vulnerabilities"
  ]
}


$3

Interactive dashboard featuring:
- 📊 Executive Summary - Project overview with key metrics
- 🌐 API Analysis - Endpoint table with security status
- 🧩 Component Architecture - Component hierarchy and relationships  
- 🔐 Security Dashboard - Vulnerability list with severity levels
- ⚡ Performance Metrics - Bottlenecks and optimization opportunities
- 📈 Code Complexity - Function/class complexity with warnings
- 🕸️ Dependency Graph - Import relationships and circular dependencies
- 🎯 Actionable Recommendations - Prioritized improvement suggestions
$3

Developer-friendly format with:
- Detailed analysis sections for each category
- Code examples and line number references
- Severity-based vulnerability listings
- Performance optimization suggestions
- Complexity metrics tables
🧪 Testing

`bash

`Run tests`


npm test
Run with coverage

npm run test:coverage
Watch mode

npm run test:watch


🤖 Analysis Engine Architecture
$3
The Smart AST Analyzer features a sophisticated multi-engine analysis system:
#### 🔬 AST-Based Core Engine
- ✅ Babel Parser Integration - Real Abstract Syntax Tree analysis
- ✅ TypeScript Support - Full TS/TSX parsing with decorators
- ✅ Multi-Language - JavaScript, JSX, TypeScript, Vue, Angular
- ✅ Deep Inspection - Function complexity, class cohesion, dependency graphs
#### 🛡️ Security Analysis Engine  
- ✅ Vulnerability Detection - AST-based security scanning
- ✅ Pattern Recognition - SQL injection, XSS, eval() detection
- ✅ Secret Scanning - Hardcoded API keys, passwords
- ✅ Security Scoring - Comprehensive risk assessment
#### ⚡ Performance Analysis Engine
- ✅ Bottleneck Detection - O(n²) complexity, nested iterations
- ✅ Anti-Pattern Recognition - Memory leaks, inefficient cloning
- ✅ DOM Analysis - Query optimization suggestions
- ✅ Bundle Analysis - Large dependency detection

`bash

`Comprehensive analysis with all engines`


smart-ast analyze --type full

$3

#### Gemini CLI Integration - Status: ✅ Production Ready - Usage:smart-ast analyze --ai gemini- Function: Enhances built-in analysis with AI insights - Command:gemini -y -p "focused-prompt"

#### Claude Code Integration - Status: ✅ Functional - Usage:smart-ast analyze --ai claude- Function: Provides additional recommendations - Command:claude "focused-prompt @tempfile"

> Philosophy: Powerful built-in analysis first, AI enhancement second. Most projects get excellent results without external AI.

`🤝 Contributing`

We welcome contributions! Please see our Contributing Guide for details.

1. Fork the repository 2. Create your feature branch (git checkout -b feature/amazing-feature) 3. Commit your changes (git commit -m 'Add some amazing feature') 4. Push to the branch (git push origin feature/amazing-feature`)
5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

👨‍💻 Author

Ersin KOÇ
- Email: ersinkoc@gmail.com
- GitHub: @ersinkoc

🙏 Acknowledgments

- Thanks to the Gemini and Claude teams for their excellent AI services
- Inspired by various AST analysis tools in the ecosystem
- Built with love for the developer community

📚 Documentation

For detailed documentation, examples, and API reference, visit our GitHub repository.

🐛 Bug Reports

Found a bug? Please open an issue with a detailed description and reproduction steps.

🌟 Support

If you find this tool helpful, please consider:
- ⭐ Starring the repository
- 🐦 Sharing it on social media
- 💬 Providing feedback and suggestions

---

Made with ❤️ by Ersin KOÇ

🔍 Smart AST Analyzer

✨ Features

$3

🚀 Quick Start

$3

``bash

`Global installation`


npm install -g smart-ast-analyzer
Or use directly with npx

npx smart-ast-analyzer analyze

$3

`bash

`Analyze current directory with built-in engine (recommended)`


smart-ast analyze
Analyze specific directory with deep analysis

smart-ast analyze --path ./my-project
Focus on specific analysis types

smart-ast analyze --type api          # API endpoints and security
smart-ast analyze --type components   # Component architecture
smart-ast analyze --type security     # Security vulnerabilities
smart-ast analyze --type performance  # Performance bottlenecks
Use AI enhancement (optional - requires CLI setup)

smart-ast analyze --ai gemini
smart-ast analyze --ai claude


📋 Prerequisites

`🏗️ Architecture`

The Smart AST Analyzer uses a multi-layered analysis approach:

> Core Philosophy: Analyze deeply with built-in engines first, enhance with AI when needed.

`🎯 Analysis Types`

`$3`


AST-Powered Endpoint Discovery
- Express.js route detection (

app.get(), router.post()

, etc.)
- Middleware chain analysis and authentication patterns
- Security vulnerability scanning (SQL injection, XSS, eval())
- Request/response structure analysis
- Authentication flow mapping
$3

Deep React/Vue/Angular Inspection
- AST-based component extraction (function, class, arrow functions)
- Props and hooks analysis with TypeScript support
- Component dependency mapping
- Performance anti-pattern detection
- Dead code and unused component identification
$3

Comprehensive Vulnerability Scanning
- Critical:

eval(), setTimeout(string)

 detection
- High: SQL injection patterns in queries
- Medium: XSS via

innerHTML

 assignments
- Low: Unvalidated environment variable usage
- Hardcoded secrets detection (API keys, passwords)
$3

Bottleneck Detection & Optimization
- Nested iteration complexity (O(n²) patterns)
- DOM queries inside loops
- Large array initialization detection
- Inefficient deep cloning (

JSON.parse(JSON.stringify())

)
- Memory leak potential identification
$3

Code Quality Metrics
- Cyclomatic Complexity - Decision points and branching
- Cognitive Complexity - Human comprehension difficulty  
- Nesting Depth - Code structure complexity
- Function Length - Lines of code per function
- Class Cohesion - Single responsibility metrics
$3

Import/Export Relationship Mapping
- Circular dependency detection with path tracing
- Unused import identification
- External vs internal dependency classification
- Dependency graph visualization data
- Module coupling analysis
🛠️ Configuration
$3

`bash smart-ast analyze [options]

        Output directory (default: ./smart-ast-output)
  -f, --format      Output format: json|markdown|html|all (default: all)
  --max-files       Maximum files to analyze per category (default: 50)
  --include       Include file patterns (comma-separated)
  --exclude       Exclude file patterns (comma-separated)
  --no-cache               Disable caching
  --verbose                Verbose output
  --config           Custom config file

$3

Create a .smart-ast.json file in your project root:

`📊 Output Examples`

`$3`

json
{
  "projectInfo": {
    "framework": "react",
    "language": "javascript", 
    "totalFiles": 45,
    "totalLines": 12843
  },
  "deepAnalysis": {
    "complexity": {
      "overall": { "score": 12, "rating": "moderate" },
      "functions": [
        {
          "name": "processData",
          "cyclomatic": 15,
          "cognitive": 23,
          "warnings": ["High cognitive complexity"]
        }
      ]
    },
    "security": {
      "score": 75,
      "vulnerabilities": [
        {
          "type": "dangerous-eval",
          "severity": "critical",
          "file": "src/utils.js",
          "line": 42
        }
      ]
    },
    "dependencies": {
      "cycles": ["src/a.js -> src/b.js -> src/a.js"],
      "external": ["react", "lodash"],
      "internal": ["./utils", "./config"]
    }
  },
  "recommendations": [
    "🔴 Critical: Refactor complex functions",
    "🔴 Security: Fix 3 critical vulnerabilities"
  ]
}


$3

Interactive dashboard featuring:
- 📊 Executive Summary - Project overview with key metrics
- 🌐 API Analysis - Endpoint table with security status
- 🧩 Component Architecture - Component hierarchy and relationships  
- 🔐 Security Dashboard - Vulnerability list with severity levels
- ⚡ Performance Metrics - Bottlenecks and optimization opportunities
- 📈 Code Complexity - Function/class complexity with warnings
- 🕸️ Dependency Graph - Import relationships and circular dependencies
- 🎯 Actionable Recommendations - Prioritized improvement suggestions
$3

Developer-friendly format with:
- Detailed analysis sections for each category
- Code examples and line number references
- Severity-based vulnerability listings
- Performance optimization suggestions
- Complexity metrics tables
🧪 Testing

`bash

`Run tests`


npm test
Run with coverage

npm run test:coverage
Watch mode

npm run test:watch


🤖 Analysis Engine Architecture
$3
The Smart AST Analyzer features a sophisticated multi-engine analysis system:
#### 🔬 AST-Based Core Engine
- ✅ Babel Parser Integration - Real Abstract Syntax Tree analysis
- ✅ TypeScript Support - Full TS/TSX parsing with decorators
- ✅ Multi-Language - JavaScript, JSX, TypeScript, Vue, Angular
- ✅ Deep Inspection - Function complexity, class cohesion, dependency graphs
#### 🛡️ Security Analysis Engine  
- ✅ Vulnerability Detection - AST-based security scanning
- ✅ Pattern Recognition - SQL injection, XSS, eval() detection
- ✅ Secret Scanning - Hardcoded API keys, passwords
- ✅ Security Scoring - Comprehensive risk assessment
#### ⚡ Performance Analysis Engine
- ✅ Bottleneck Detection - O(n²) complexity, nested iterations
- ✅ Anti-Pattern Recognition - Memory leaks, inefficient cloning
- ✅ DOM Analysis - Query optimization suggestions
- ✅ Bundle Analysis - Large dependency detection

`bash

`Comprehensive analysis with all engines`


smart-ast analyze --type full

$3

#### Gemini CLI Integration - Status: ✅ Production Ready - Usage:smart-ast analyze --ai gemini- Function: Enhances built-in analysis with AI insights - Command:gemini -y -p "focused-prompt"

#### Claude Code Integration - Status: ✅ Functional - Usage:smart-ast analyze --ai claude- Function: Provides additional recommendations - Command:claude "focused-prompt @tempfile"

> Philosophy: Powerful built-in analysis first, AI enhancement second. Most projects get excellent results without external AI.

`🤝 Contributing`

We welcome contributions! Please see our Contributing Guide for details.

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

👨‍💻 Author

Ersin KOÇ
- Email: ersinkoc@gmail.com
- GitHub: @ersinkoc

🙏 Acknowledgments

- Thanks to the Gemini and Claude teams for their excellent AI services
- Inspired by various AST analysis tools in the ecosystem
- Built with love for the developer community

📚 Documentation

For detailed documentation, examples, and API reference, visit our GitHub repository.

🐛 Bug Reports

Found a bug? Please open an issue with a detailed description and reproduction steps.

🌟 Support

If you find this tool helpful, please consider:
- ⭐ Starring the repository
- 🐦 Sharing it on social media
- 💬 Providing feedback and suggestions

---

Made with ❤️ by Ersin KOÇ