@darrenjcoxon/vibeoptimise 1.0.0

package/dist/scanners/eslint-perf.js

@@ -0,0 +1,209 @@
+/**
+ * ESLint Performance Scanner — Import Hygiene & Inefficient Patterns
+ *
+ * Runs ESLint with performance-focused rules to detect:
+ * - Import cycles (eslint-plugin-import)
+ * - Unused imports
+ * - Barrel file anti-patterns
+ * - Inefficient array/object patterns
+ *
+ * Tool: eslint (npm)
+ * Output: JSON formatter
+ */
+import { execSync } from 'child_process';
+import { existsSync } from 'fs';
+import { join } from 'path';
+export class EslintPerfScanner {
+    name = 'ESLint Perf';
+    description = 'Performance-focused linting — import cycles, unused imports, inefficient patterns';
+    category = 'code-quality';
+    async isAvailable() {
+        try {
+            execSync('npx eslint --version', { stdio: 'pipe', timeout: 15000 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async scan(targetDir, options) {
+        const start = Date.now();
+        const findings = [];
+        try {
+            // Check if eslint is available in the project
+            const hasEslint = existsSync(join(targetDir, 'node_modules', '.bin', 'eslint'))
+                || existsSync(join(targetDir, 'node_modules', 'eslint'));
+            if (!hasEslint) {
+                // Try with npx instead
+                return this.scanWithCustomRules(targetDir, options, start);
+            }
+            // Run eslint with JSON output
+            const extensions = '--ext .js,.jsx,.ts,.tsx,.mjs';
+            const ignorePattern = '--ignore-pattern "node_modules" --ignore-pattern "dist" --ignore-pattern "build" --ignore-pattern ".next"';
+            try {
+                const cmd = `npx eslint "${targetDir}" ${extensions} ${ignorePattern} -f json --no-error-on-unmatched-pattern 2>/dev/null`;
+                const output = execSync(cmd, {
+                    cwd: targetDir,
+                    stdio: 'pipe',
+                    timeout: 120000,
+                }).toString();
+                if (output.trim()) {
+                    const results = JSON.parse(output);
+                    this.processEslintResults(results, findings);
+                }
+            }
+            catch (err) {
+                // ESLint exits non-zero when it finds errors
+                const output = err.stdout?.toString() || '';
+                if (output.trim()) {
+                    try {
+                        const results = JSON.parse(output);
+                        this.processEslintResults(results, findings);
+                    }
+                    catch {
+                        // JSON parse failed — ESLint might have errored
+                    }
+                }
+            }
+            // Additionally, scan for common anti-patterns
+            this.scanForAntiPatterns(targetDir, findings);
+            return {
+                scanner: this.name,
+                findings,
+                summary: findings.length === 0
+                    ? '✅ No performance-impacting lint issues found'
+                    : `Found ${findings.length} performance-related lint issues`,
+                duration: Date.now() - start,
+            };
+        }
+        catch (err) {
+            return {
+                scanner: this.name,
+                findings: [],
+                summary: `Error: ${err.message}`,
+                duration: Date.now() - start,
+                error: err.message,
+            };
+        }
+    }
+    async scanWithCustomRules(targetDir, options, start) {
+        const findings = [];
+        // Even without project ESLint, scan for anti-patterns
+        this.scanForAntiPatterns(targetDir, findings);
+        return {
+            scanner: this.name,
+            findings,
+            summary: findings.length === 0
+                ? '✅ No performance anti-patterns detected'
+                : `Found ${findings.length} performance anti-patterns`,
+            duration: Date.now() - start,
+        };
+    }
+    processEslintResults(results, findings) {
+        if (!Array.isArray(results))
+            return;
+        // Performance-relevant rule IDs
+        const perfRules = new Set([
+            'import/no-cycle',
+            'import/no-duplicates',
+            'import/no-unused-modules',
+            'no-unused-vars',
+            '@typescript-eslint/no-unused-vars',
+            'unused-imports/no-unused-imports',
+            'no-console',
+            'no-debugger',
+            'prefer-const',
+            'no-var',
+        ]);
+        for (const fileResult of results) {
+            if (!fileResult.messages || !Array.isArray(fileResult.messages))
+                continue;
+            for (const msg of fileResult.messages) {
+                if (!msg.ruleId)
+                    continue;
+                // Only include performance-relevant rules
+                const isPerf = perfRules.has(msg.ruleId) ||
+                    msg.ruleId.startsWith('import/') ||
+                    msg.ruleId.includes('unused');
+                if (!isPerf)
+                    continue;
+                let severity = 'low';
+                if (msg.ruleId === 'import/no-cycle')
+                    severity = 'high';
+                else if (msg.ruleId.includes('unused'))
+                    severity = 'medium';
+                findings.push({
+                    id: `eslint-${msg.ruleId}-${fileResult.filePath}-${msg.line}`,
+                    scanner: this.name,
+                    category: msg.ruleId.startsWith('import/') ? 'import-hygiene' : 'code-quality',
+                    severity,
+                    title: `${msg.ruleId}: ${msg.message}`,
+                    description: msg.message,
+                    file: fileResult.filePath,
+                    line: msg.line,
+                    column: msg.column,
+                    suggestion: msg.fix
+                        ? 'Auto-fixable: run `eslint --fix` to resolve this automatically.'
+                        : `Address the ESLint rule "${msg.ruleId}" violation.`,
+                });
+            }
+        }
+    }
+    scanForAntiPatterns(targetDir, findings) {
+        try {
+            // Check for barrel files that re-export everything (causes bundle bloat)
+            const barrelCheck = execSync(`find "${targetDir}" -name "index.ts" -o -name "index.js" | head -20`, { stdio: 'pipe', timeout: 10000 }).toString().trim();
+            if (barrelCheck) {
+                const barrelFiles = barrelCheck.split('\n').filter(f => !f.includes('node_modules') && !f.includes('dist') && !f.includes('.next'));
+                for (const barrelFile of barrelFiles) {
+                    try {
+                        const content = execSync(`cat "${barrelFile}"`, { stdio: 'pipe' }).toString();
+                        const exportAllCount = (content.match(/export \* from/g) || []).length;
+                        if (exportAllCount > 5) {
+                            findings.push({
+                                id: `eslint-barrel-${barrelFile}`,
+                                scanner: this.name,
+                                category: 'bundle-size',
+                                severity: 'medium',
+                                title: `Barrel file with ${exportAllCount} wildcard re-exports`,
+                                description: `"${barrelFile}" uses ${exportAllCount} \`export * from\` statements. This can defeat tree-shaking and pull in unused code.`,
+                                file: barrelFile,
+                                suggestion: `Replace \`export * from\` with named exports to enable tree-shaking:\n\`export { SpecificThing } from './module'\`\n\nOnly re-export what consumers actually need.`,
+                                estimatedImpact: 'Better tree-shaking, smaller bundles',
+                            });
+                        }
+                    }
+                    catch {
+                        // Skip files we can't read
+                    }
+                }
+            }
+            // Check for console.log statements in source (not test) files
+            try {
+                const consoleLogs = execSync(`grep -rn "console\\.log" "${targetDir}" --include="*.ts" --include="*.tsx" --include="*.js" --include="*.jsx" | grep -v node_modules | grep -v dist | grep -v ".test." | grep -v ".spec." | grep -v "__tests__" | head -20`, { stdio: 'pipe', timeout: 10000 }).toString().trim();
+                if (consoleLogs) {
+                    const logLines = consoleLogs.split('\n').filter(Boolean);
+                    if (logLines.length > 3) {
+                        findings.push({
+                            id: `eslint-console-logs`,
+                            scanner: this.name,
+                            category: 'code-quality',
+                            severity: 'low',
+                            title: `${logLines.length}+ console.log statements in production code`,
+                            description: `Found ${logLines.length}+ console.log statements outside test files. These add unnecessary overhead and noise.`,
+                            file: logLines[0]?.split(':')[0] || 'multiple files',
+                            suggestion: `Remove console.log statements from production code. Use a proper logger (like pino or winston) that can be configured per environment, or use console.log only in development with a build-time strip.`,
+                            estimatedImpact: 'Cleaner output, slight performance improvement',
+                        });
+                    }
+                }
+            }
+            catch {
+                // grep found nothing — that's good
+            }
+        }
+        catch {
+            // Anti-pattern scanning is best-effort
+        }
+    }
+}

package/dist/scanners/index.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Scanner Registry
+ *
+ * All 10 VibeOptimise scanners, registered in priority order.
+ */
+export { KnipScanner } from './knip.js';
+export { JscpdScanner } from './jscpd.js';
+export { MadgeScanner } from './madge.js';
+export { DepcheckScanner } from './depcheck.js';
+export { BundlePhobiaScanner } from './bundlephobia.js';
+export { EslintPerfScanner } from './eslint-perf.js';
+export { SourceMapExplorerScanner } from './source-map-explorer.js';
+export { RegexSafetyScanner } from './regex-safety.js';
+export { CssEfficiencyScanner } from './css-efficiency.js';
+export { QueryEfficiencyScanner } from './query-efficiency.js';
+import { Scanner } from '../types.js';
+/**
+ * Get all scanners in priority order:
+ * 1. Performance-critical (circular deps, regex safety)
+ * 2. Dead code removal (knip, depcheck)
+ * 3. Duplication (jscpd)
+ * 4. Bundle & dependency analysis
+ * 5. Code quality & CSS
+ * 6. Query efficiency
+ */
+export declare function getAllScanners(): Scanner[];

package/dist/scanners/index.js

@@ -0,0 +1,53 @@
+/**
+ * Scanner Registry
+ *
+ * All 10 VibeOptimise scanners, registered in priority order.
+ */
+export { KnipScanner } from './knip.js';
+export { JscpdScanner } from './jscpd.js';
+export { MadgeScanner } from './madge.js';
+export { DepcheckScanner } from './depcheck.js';
+export { BundlePhobiaScanner } from './bundlephobia.js';
+export { EslintPerfScanner } from './eslint-perf.js';
+export { SourceMapExplorerScanner } from './source-map-explorer.js';
+export { RegexSafetyScanner } from './regex-safety.js';
+export { CssEfficiencyScanner } from './css-efficiency.js';
+export { QueryEfficiencyScanner } from './query-efficiency.js';
+import { KnipScanner } from './knip.js';
+import { JscpdScanner } from './jscpd.js';
+import { MadgeScanner } from './madge.js';
+import { DepcheckScanner } from './depcheck.js';
+import { BundlePhobiaScanner } from './bundlephobia.js';
+import { EslintPerfScanner } from './eslint-perf.js';
+import { SourceMapExplorerScanner } from './source-map-explorer.js';
+import { RegexSafetyScanner } from './regex-safety.js';
+import { CssEfficiencyScanner } from './css-efficiency.js';
+import { QueryEfficiencyScanner } from './query-efficiency.js';
+/**
+ * Get all scanners in priority order:
+ * 1. Performance-critical (circular deps, regex safety)
+ * 2. Dead code removal (knip, depcheck)
+ * 3. Duplication (jscpd)
+ * 4. Bundle & dependency analysis
+ * 5. Code quality & CSS
+ * 6. Query efficiency
+ */
+export function getAllScanners() {
+    return [
+        // Tier 1: Performance-critical
+        new MadgeScanner(),
+        new RegexSafetyScanner(),
+        // Tier 2: Dead weight removal
+        new KnipScanner(),
+        new DepcheckScanner(),
+        // Tier 3: Duplication
+        new JscpdScanner(),
+        // Tier 4: Bundle & dependency health
+        new BundlePhobiaScanner(),
+        new SourceMapExplorerScanner(),
+        new EslintPerfScanner(),
+        // Tier 5: Asset & query efficiency
+        new CssEfficiencyScanner(),
+        new QueryEfficiencyScanner(),
+    ];
+}

package/dist/scanners/jscpd.d.ts

@@ -0,0 +1,17 @@
+/**
+ * JSCPD Scanner — Code Duplication Detection
+ *
+ * Finds copy/pasted code blocks across the entire codebase.
+ * Uses Rabin-Karp algorithm, supports 150+ languages.
+ *
+ * Tool: jscpd (npm)
+ * Output: JSON reporter
+ */
+import { Scanner, ScannerResult, ScanOptions } from '../types.js';
+export declare class JscpdScanner implements Scanner {
+    name: string;
+    description: string;
+    category: "duplication";
+    isAvailable(): Promise<boolean>;
+    scan(targetDir: string, options: ScanOptions): Promise<ScannerResult>;
+}

package/dist/scanners/jscpd.js

@@ -0,0 +1,150 @@
+/**
+ * JSCPD Scanner — Code Duplication Detection
+ *
+ * Finds copy/pasted code blocks across the entire codebase.
+ * Uses Rabin-Karp algorithm, supports 150+ languages.
+ *
+ * Tool: jscpd (npm)
+ * Output: JSON reporter
+ */
+import { execSync } from 'child_process';
+import { existsSync, readFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+export class JscpdScanner {
+    name = 'JSCPD';
+    description = 'Copy/paste detector — finds duplicated code blocks across the codebase';
+    category = 'duplication';
+    async isAvailable() {
+        try {
+            execSync('npx jscpd --version', { stdio: 'pipe', timeout: 15000 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async scan(targetDir, options) {
+        const start = Date.now();
+        const findings = [];
+        try {
+            const reportDir = join(targetDir, '.vibeoptimise-tmp');
+            mkdirSync(reportDir, { recursive: true });
+            const excludePatterns = [
+                '**/node_modules/**',
+                '**/dist/**',
+                '**/build/**',
+                '**/.next/**',
+                '**/coverage/**',
+                '**/*.min.js',
+                '**/*.map',
+                '**/package-lock.json',
+                '**/yarn.lock',
+                '**/pnpm-lock.yaml',
+                ...(options.exclude || []),
+            ].map(p => `"${p}"`).join(',');
+            const cmd = [
+                'npx jscpd',
+                `"${targetDir}"`,
+                '--min-tokens 50',
+                '--min-lines 5',
+                '--reporters json',
+                `--output "${reportDir}"`,
+                `--ignore ${excludePatterns}`,
+                '--silent',
+                '--formats "javascript,typescript,jsx,tsx,css,scss"',
+            ].join(' ');
+            try {
+                execSync(cmd, {
+                    cwd: targetDir,
+                    stdio: 'pipe',
+                    timeout: 120000,
+                });
+            }
+            catch {
+                // jscpd may exit non-zero when duplication exceeds threshold
+            }
+            // Read the JSON report
+            const reportPath = join(reportDir, 'jscpd-report.json');
+            if (!existsSync(reportPath)) {
+                // Clean up
+                try {
+                    execSync(`rm -rf "${reportDir}"`, { stdio: 'pipe' });
+                }
+                catch { }
+                return {
+                    scanner: this.name,
+                    findings: [],
+                    summary: '✅ No code duplication detected',
+                    duration: Date.now() - start,
+                };
+            }
+            const report = JSON.parse(readFileSync(reportPath, 'utf-8'));
+            // Clean up temp directory
+            try {
+                execSync(`rm -rf "${reportDir}"`, { stdio: 'pipe' });
+            }
+            catch { }
+            if (report.duplicates && Array.isArray(report.duplicates)) {
+                for (const clone of report.duplicates) {
+                    const firstFile = clone.firstFile?.name || 'unknown';
+                    const secondFile = clone.secondFile?.name || 'unknown';
+                    const lines = clone.lines || 0;
+                    const tokens = clone.tokens || 0;
+                    const firstStart = clone.firstFile?.startLoc?.line || 0;
+                    const firstEnd = clone.firstFile?.endLoc?.line || 0;
+                    const secondStart = clone.secondFile?.startLoc?.line || 0;
+                    const secondEnd = clone.secondFile?.endLoc?.line || 0;
+                    // Determine severity based on duplication size
+                    let severity = 'low';
+                    if (lines > 50)
+                        severity = 'high';
+                    else if (lines > 20)
+                        severity = 'medium';
+                    else if (lines > 10)
+                        severity = 'low';
+                    const sameFile = firstFile === secondFile;
+                    findings.push({
+                        id: `jscpd-${firstFile}-${firstStart}-${secondFile}-${secondStart}`,
+                        scanner: this.name,
+                        category: 'duplication',
+                        severity,
+                        title: `${lines} duplicated lines (${tokens} tokens)`,
+                        description: sameFile
+                            ? `Duplicated code block within "${firstFile}" — lines ${firstStart}-${firstEnd} and ${secondStart}-${secondEnd} are identical.`
+                            : `Duplicated code between "${firstFile}" (lines ${firstStart}-${firstEnd}) and "${secondFile}" (lines ${secondStart}-${secondEnd}).`,
+                        file: firstFile,
+                        line: firstStart,
+                        endLine: firstEnd,
+                        suggestion: sameFile
+                            ? `Extract the duplicated code (lines ${firstStart}-${firstEnd} and ${secondStart}-${secondEnd}) into a shared function within this file.`
+                            : `Extract the shared logic into a common utility module and import it from both "${firstFile}" and "${secondFile}".`,
+                        estimatedImpact: `~${lines} lines can be consolidated`,
+                        relatedFiles: sameFile ? undefined : [secondFile],
+                        metadata: { tokens, secondFileStart: secondStart, secondFileEnd: secondEnd },
+                    });
+                }
+            }
+            // Build summary from statistics
+            const stats = report.statistics;
+            const totalDuplication = stats?.total?.percentage ? `${stats.total.percentage.toFixed(1)}%` : 'unknown';
+            const totalClones = findings.length;
+            return {
+                scanner: this.name,
+                findings,
+                summary: totalClones === 0
+                    ? '✅ No significant code duplication found'
+                    : `Found ${totalClones} duplicated blocks (${totalDuplication} total duplication)`,
+                duration: Date.now() - start,
+            };
+        }
+        catch (err) {
+            return {
+                scanner: this.name,
+                findings: [],
+                summary: `Error: ${err.message}`,
+                duration: Date.now() - start,
+                error: err.message,
+            };
+        }
+    }
+}

package/dist/scanners/knip.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Knip Scanner — Dead Code Detection
+ *
+ * Finds unused files, dependencies, exports, types, and class members.
+ * The most comprehensive dead code scanner for JS/TS projects.
+ *
+ * Tool: knip (npm)
+ * Output: JSON via --reporter json
+ */
+import { Scanner, ScannerResult, ScanOptions } from '../types.js';
+export declare class KnipScanner implements Scanner {
+    name: string;
+    description: string;
+    category: "dead-code";
+    isAvailable(): Promise<boolean>;
+    scan(targetDir: string, options: ScanOptions): Promise<ScannerResult>;
+}