Skip to main content

X-ray any codebase in one command — interactive dependency graph, blast radius, health grade, security scan, and hotspot map in a single HTML file.

Project description

🔍 repolens

X-ray any codebase in one command

One line in, one file out — an interactive architecture map, blast-radius explorer, health grade, security scan, and hotspot report for any repo, local or on GitHub.

PyPI Python License: MIT CI

uvx repolens-kit facebook/react    # ← that's the whole setup

or try it online, no install: lens.bigwinner.work — paste any public repo

repolens interactive report — blast radius mode with file inspector

One-liners

uvx repolens-kit .                 # analyze the repo you're standing in (zero install)
uvx repolens-kit pallets/flask     # analyze any GitHub repo by shorthand
uvx repolens-kit https://github.com/fastapi/fastapi
pipx run repolens-kit .            # same, via pipx
pip install repolens-kit && repolens .  # installs the `repolens` command

Every run prints a rich terminal summary and writes a single self-contained HTML file — D3 inlined, zero external requests, works offline, safe to email or attach to a PR. Your code never leaves your machine.

repolens terminal output

What you get

🕸️ Interactive dependency graph Force-directed map of every file. Four color modes — folder, architectural layer, churn, blast. Click any node for its imports, dependents, functions, and owners.
💥 Blast radius "If I change this file, what breaks?" Transitive-dependent analysis answers it per file, in the terminal and the graph.
🏥 Health grade (A–F) Cycles, coupling, oversized files, disconnected code, and security findings — with a transparent penalty breakdown, never a black-box number.
🔐 Security scan Committed private keys, AWS/GitHub/Slack tokens, hardcoded secrets, SQL built by string-glue, eval/exec, unsafe deserialization, disabled TLS verification. Findings in test/docs paths are automatically demoted.
🔥 Hotspots & ownership Per-file commit churn and top contributors mined from git history — know what's volatile and who to ask.
Circular dependencies Strongly-connected components across the import graph (Tarjan), with the actual file chains.
🗺️ Code map Treemap of lines-of-code by folder, language donut, largest-impact and most-changed bar charts.
📤 JSON export --json dumps the entire model — pipe it into CI gates, dashboards, or your own tooling.
Code map treemap, language donut, hotspots and blast radius charts

How the analysis works

repolens parses source with per-language extraction (30+ languages: Python, TypeScript/JavaScript, Go, Rust, Java, Kotlin, C/C++, C#, Ruby, PHP, Swift, Elixir, and more), then resolves imports to files inside the repo to build a real dependency graph:

  • Python: from X import name expands to submodules, src/-layout packages resolve, if TYPE_CHECKING: blocks and function-body (deferred) imports are excluded — so the cycles it reports are cycles that actually bite at import time.
  • JS/TS: relative paths, index.* resolution, require/dynamic import().
  • Ambiguous names are settled by ranking (package roots beat stray same-named fixtures) instead of being dropped.

On top of the graph: blast radius (reverse-reachability per file), SCC cycle detection, layer classification, hub/coupling metrics, and a security ruleset tuned for precision. Everything is heuristic and fast — ~1 second for a 1,000-file repo — built for orientation, not for replacing a compiler.

Usage

repolens [target] [options]

target                 local path, owner/repo, or GitHub URL (default: .)

-o, --output FILE      HTML report path (default: <name>-repolens.html)
    --json [FILE]      dump the full analysis model as JSON (stdout if no FILE)
-x, --exclude PATTERN  extra exclude glob, repeatable (e.g. -x 'docs/**')
    --max-files N      cap analyzed files (default: 6000)
    --tarball          fetch GitHub repos as a snapshot streamed in memory —
                       ~10x faster, zero disk writes, but no churn/ownership stats
    --no-open          don't auto-open the report in a browser
    --no-html          terminal summary only
-q, --quiet            no terminal summary

As a library

from repolens import analyze

report = analyze("path/or/owner/repo")
print(report["health"]["grade"], report["repo"]["edges"])

In CI

pip install repolens-kit
repolens . --no-open --no-html --json report.json
python -c "import json,sys; sys.exit(json.load(open('report.json'))['health']['score'] < 70)"

Privacy

  • Local analysis never touches the network.
  • GitHub targets are shallow-cloned with your own git (and deleted afterward) — no tokens collected, no telemetry, nothing phoned home.
  • The HTML report inlines D3, so opening it makes zero external requests.

Credits

repolens is a from-scratch Python reimagining of CodeFlow by Braedon Saunders — a lovely browser-only codebase visualizer. Same mission (stop guessing, start seeing), rebuilt as an installable CLI with a resolvable import graph, honest health scoring, git mining, and offline single-file reports.

License

MIT — see LICENSE.

Stop guessing. Start seeing.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

repolens_kit-0.3.2.tar.gz (1.1 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

repolens_kit-0.3.2-py3-none-any.whl (136.3 kB view details)

Uploaded Python 3

File details

Details for the file repolens_kit-0.3.2.tar.gz.

File metadata

  • Download URL: repolens_kit-0.3.2.tar.gz
  • Upload date:
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for repolens_kit-0.3.2.tar.gz
Algorithm Hash digest
SHA256 7c5c93c5d1b2f0296bc3e912cb7390bebabb6e01e95f4d138bc2193640325aa5
MD5 d84271337fba1f24274b14c9dacedc42
BLAKE2b-256 2c9dc8ae4aa75d0a156a3989c7978fd63ad7d860791a6fadfbad29411d4ad421

See more details on using hashes here.

File details

Details for the file repolens_kit-0.3.2-py3-none-any.whl.

File metadata

  • Download URL: repolens_kit-0.3.2-py3-none-any.whl
  • Upload date:
  • Size: 136.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for repolens_kit-0.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 9175bd924c3214ecf83c870201378b2d71e8fe772adbaeb03b38123e38f3bcd5
MD5 62d580f2c60b07497d9382ce534889df
BLAKE2b-256 daa35133034e72b44a7f13d7049f8eea981703b5c6b63e91987f57bba808e24a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page