A small CLI tool that scans a codebase for string and numeric literals, helping you quickly spot hard-coded values in source files.
Project description
litscan 1.3.1
A small CLI tool that scans a codebase for string and numeric literals, helping you quickly spot hard-coded values in source files.
Prerequisites
- Python 3.14+
Installation
pip install litscan
Usage
After installation, litscan is available as a console script:
litscan <path> [options]
What is detected
The scanner recognises the following literal types in any source file:
| Type | Examples |
|---|---|
| Triple-quoted strings (multiline) | """hello""", '''world''' |
| Double-quoted strings | "hello" |
| Single-quoted strings | 'world' |
| Decimal numbers | 3.14, 0.5 |
| Integer numbers | 42, 0 |
Results are grouped by unique literal value and sorted by occurrence count (highest first).
Arguments
| Argument | Description |
|---|---|
path |
Target directory or file to scan. Multiple paths can be specified, separated by a semicolon (e.g. src;lib;tests). |
Options
| Option | Default | Description |
|---|---|---|
--ext <exts> |
(all files) | Comma-separated extensions to include (e.g. py,js,ts) |
--output <name> |
litscan-output |
Base name (without extension) for output file(s) |
--output-dir <dir> |
reports |
Directory where output file(s) will be written |
--format <fmt> |
json |
Output format: json, html, or all |
--workers <n> |
min(32, cpu_count + 4) |
Number of parallel worker threads used during scanning |
--db <path> |
<system-temp>/litscan.db |
Path to the SQLite scratch database that stores occurrences during a scan run. Session records are removed after the report is written. |
--functions-only |
(off) | Scan only literals that appear inside function or method implementations. Supported for Python and brace-style languages (Java, JS, JSX, TS, TSX, C/C++, C#, Go, Rust, Kotlin, Swift, Scala, Groovy, GS, GSX). |
Examples
Scan all files in the current directory and produce a JSON report:
litscan .
Scan only Python and JavaScript files in src/:
litscan src --ext py,js
Generate both JSON and HTML reports in a custom directory:
litscan . --format all --output-dir my-reports
Scan a Java source tree with a custom output name:
litscan src/main/java --ext java --format all --output-dir reports
Scan only literals inside functions and methods:
litscan src --functions-only
Configuration
| Environment variable | Description |
|---|---|
LITSCAN_CONFIG_DIR |
Directory where logging.ini and lit_ignore are seeded and read from. When unset, the bundled copies inside the package are used directly. |
Ignore patterns
The lit_ignore file (seeded into LITSCAN_CONFIG_DIR on first run) contains one regex pattern per line. Any literal whose value matches a pattern is excluded from scan results. Edit the file to suppress noise such as common stop-words or numeric constants you do not care about.
Development
Prerequisites
- Poetry 2.2+
Installation
poetry install
Architecture
flowchart TD
CLI["cli.py\n(entry point)"] --> logenrich["setup_logger()\nlogenrich"]
CLI --> discover["discover_files()"]
discover --> concurrent["ThreadPoolExecutor\n(parallel scan)"]
concurrent --> scan["scan_file()\nscanner.py"]
scan --> litignore["lit_ignore\n(exclude patterns)"]
scan --> store["SessionStore\nstore.py (SQLite)"]
store --> report["write_outputs()\nreporter.py"]
report --> JSON["JSON report"]
report --> HTML["HTML report"]
| Module | Responsibility |
|---|---|
cli.py |
Argument parsing, file discovery, orchestration |
scanner.py |
Regex-based literal extraction; LiteralOccurrence / LiteralGroup types |
store.py |
SessionStore — thread-safe SQLite scratch store; one UUID per scan run |
reporter.py |
write_outputs() — renders JSON and/or HTML reports |
logenrich |
External library that provides setup_logger() — logging config seeded from logging.ini |
Test with coverage
poetry run pytest --cov=litscan tests --cov-report html
Format and lint
poetry run black litscan; poetry run pylint litscan
Quality gates
- Coverage ≥ 90%
- Pylint score 10/10
Example
Scan the test fixtures and produce both JSON and HTML reports:
poetry run litscan tests\fixtures --format all
Publishing to PyPI
Prerequisites
- A PyPI account with an API token.
Configure the token
poetry config pypi-token.pypi <your-token>
Build and publish
poetry publish --build
This builds the source distribution and wheel, then uploads them to PyPI in one step.
Note: PyPI releases are immutable. Once a version is published, it cannot be overwritten.
To fix a mistake, yank the release via the PyPI web UI and publish a new version.
Changelog
License
Author
Ron Webb <ron@ronella.xyz>
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file litscan-1.3.1.tar.gz.
File metadata
- Download URL: litscan-1.3.1.tar.gz
- Upload date:
- Size: 19.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.0 CPython/3.14.5 Linux/6.17.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
56b8277ac04e5488763886532cacf81aac3ff00463b5f4056acbd1a999f99a86
|
|
| MD5 |
3adafb61f64bc7e768ff2fdc61885b54
|
|
| BLAKE2b-256 |
84ea318900ccc4b2106d63c8ff6985af943796e885b0e2c834c28657467f696b
|
File details
Details for the file litscan-1.3.1-py3-none-any.whl.
File metadata
- Download URL: litscan-1.3.1-py3-none-any.whl
- Upload date:
- Size: 20.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.0 CPython/3.14.5 Linux/6.17.0-1015-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b185f3c74a15847047516e70a4b6e8e2acf6f2dd151a2787b967e7ca66b8efab
|
|
| MD5 |
f53286e3417111f00ce740af90209362
|
|
| BLAKE2b-256 |
cd7e361934e5da6149cbcb87cddab566463f75b6246b7f16cbce95942d8d18ef
|
