Analyze a git source code repository for health signals and project vitals
Analyze the current directory as a git repository and print JSON (for tooling or AI agents):
npx repolyze --json .Analyze another path:
npx repolyze --json /path/to/repoEmit a Markdown report optimized for LLM consumption:
npx repolyze --markdown .Verbose mode (prints git invocations to stderr):
npx repolyze --verbose .Help:
npx repolyze --helpWhen the package is installed globally, use the repolyze command the same way (for example repolyze --json .).
Install globally (pick your package manager):
npm install -g repolyzepnpm add -g repolyzeOr run without installing, using npx (downloads the package for that invocation):
npx repolyze --helpThe default signals this tool collects mirror the git workflow described by Ally Piechowski in The Git Commands I Run Before Reading Any Code. See docs/repository-analysis.md for command-by-command notes, caveats, and the same attribution in context.
References:
- fallow-rs - Static analysis for source code health based on git
- vibe-security-radar - Georgia Tech SSLab research that correlates public CVE/advisory data with git history (blame, fix commits, squash-merge context) and commit-metadata heuristics (co-authors, bot emails, tool markers), with LLM-assisted triage—not a drop-in for repolyze, but a useful contrast for how far you can push git- and commit-derived security storytelling
Please consult CONTRIBUTING for guidelines on contributing to this project.
Developing this repo locally (running from source, tests, build): see DEVELOPMENT.md.
repolyze © Liran Tal, Released under the Apache-2.0 License.