fallow 2.78.1 → 2.80.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,14 +1,18 @@
1
1
  # fallow
2
2
 
3
- Codebase intelligence for TypeScript and JavaScript, built in Rust.
3
+ **Deterministic codebase intelligence for TypeScript and JavaScript.**
4
+
5
+ Quality, risk, architecture, dependencies, duplication, and safe cleanup evidence for humans, CI, and agents.
4
6
 
5
7
  [![CI](https://github.com/fallow-rs/fallow/actions/workflows/ci.yml/badge.svg)](https://github.com/fallow-rs/fallow/actions/workflows/ci.yml)
6
8
  [![npm](https://img.shields.io/npm/v/fallow.svg)](https://www.npmjs.com/package/fallow)
7
9
  [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/fallow-rs/fallow/blob/main/LICENSE)
8
10
 
9
- Static analysis finds what is connected. Runtime intelligence finds what actually runs. Both land in the same report. The free static layer analyzes your codebase for unused files, exports, dependencies, and types, detects circular dependencies, finds duplicated code blocks, surfaces complexity hotspots, and enforces architecture boundaries. An optional paid runtime layer (Fallow Runtime) adds production execution evidence so you can delete and refactor with confidence. **5-41x faster** than [knip](https://knip.dev) v5 (**2-18x faster** than knip v6), **8-29x faster** than [jscpd](https://github.com/kucherenko/jscpd) for duplication detection, with no Node.js runtime dependency.
11
+ Fallow turns a JS/TS repository into a trusted quality report: health score, changed-code risk, hotspots, duplication, architecture issues, dependency hygiene, and cleanup opportunities.
12
+
13
+ It helps you answer: what changed, what got riskier, what should be reviewed, what should be refactored, and what can be safely removed. No AI inside the analyzer. Fallow produces deterministic findings, typed output contracts, and traceable explanations that downstream tools can trust.
10
14
 
11
- Static analysis is free and open source. Runtime intelligence is the paid team layer.
15
+ Static analysis is free and open source. An optional paid runtime layer (Fallow Runtime) adds production execution evidence. Rust-native, sub-second, 97 framework plugins, 5-41x faster than [knip](https://knip.dev) v5 (2-18x faster than knip v6), 8-29x faster than [jscpd](https://github.com/kucherenko/jscpd) for duplication detection, with no Node.js runtime dependency for analysis.
12
16
 
13
17
  ## Installation
14
18
 
@@ -36,31 +40,29 @@ import type { CheckOutput, FallowJsonOutput } from "fallow/types";
36
40
 
37
41
  The types are generated from the same schema as the VS Code extension and pin to the CLI version you install. See [docs.fallow.tools](https://docs.fallow.tools) for the full output contract.
38
42
 
39
- ## Usage
43
+ ## Quick start
40
44
 
41
45
  ```bash
42
- fallow # All analyses -- zero config, sub-second
43
- fallow dead-code # Unused code only
44
- fallow dupes # Duplication detection -- find copy-paste clones
45
- fallow dupes --mode semantic # Catch clones with renamed variables
46
- fallow health # Complexity metrics -- cyclomatic + cognitive
47
- fallow fix --dry-run # Preview auto-removal of unused exports and deps
46
+ npx fallow audit # PR-style audit: verdict pass / warn / fail
47
+ npx fallow audit --format json # Machine-readable audit (for CI and agents)
48
+ npx fallow health --score # Quality score and grade
49
+ npx fallow # Full codebase analysis: health + duplication + cleanup
50
+ npx fallow dead-code # Cleanup-specific findings
51
+ npx fallow fix --dry-run # Preview automatic cleanup
48
52
  ```
49
53
 
50
- ## What it finds
51
-
52
- - **Unused files** -- not reachable from any entry point
53
- - **Unused exports** -- exported symbols never imported elsewhere
54
- - **Unused types** -- type aliases and interfaces never referenced
55
- - **Unused dependencies** -- packages in `dependencies` never imported
56
- - **Unused devDependencies** -- dev packages not referenced
57
- - **Unused enum members** -- enum values never referenced
58
- - **Unused class members** -- class methods and properties never referenced (tracks instance usage: `const svc = new MyService(); svc.greet()` counts `greet` as used)
59
- - **Unresolved imports** -- import specifiers that cannot be resolved
60
- - **Unlisted dependencies** -- imported packages missing from `package.json`
61
- - **Duplicate exports** -- same symbol exported from multiple modules
62
- - **Circular dependencies** -- import cycles in the module graph
63
- - **Type-only dependencies** -- production deps only used via `import type`
54
+ ## What Fallow reports
55
+
56
+ - **Quality score** -- compact health score with grade and trend delta when snapshot history is enabled
57
+ - **PR risk** -- changed-code analysis with pass / warn / fail verdict and per-finding attribution
58
+ - **Hotspots** -- functions, files, and packages combining complexity, churn, size, and coupling
59
+ - **Duplication** -- clone families across four detection modes (strict, mild, weak, semantic)
60
+ - **Architecture** -- circular dependencies, boundary violations, re-export chains
61
+ - **Dependency hygiene** -- unused, unlisted, unresolved, duplicate, and type-only deps; pnpm catalog and overrides
62
+ - **Cleanup opportunities** -- unused files, exports, types, enum members, class members, stale suppressions
63
+ - **Runtime intelligence (optional, paid)** -- hot paths, cold code, runtime-weighted health, stale flags
64
+
65
+ Cleanup opportunities are findings that look safe to review for removal because no graph evidence supports keeping them. Dead code is one category of cleanup, not the product identity.
64
66
 
65
67
  ## Code duplication
66
68
 
@@ -71,11 +73,24 @@ fallow dupes --threshold 5 # Fail CI if duplication exceeds 5%
71
73
  fallow dupes --save-baseline # Save current duplication as baseline
72
74
  ```
73
75
 
74
- 4 detection modes (strict, mild, weak, semantic), clone family grouping with refactoring suggestions, baseline tracking, and cross-language TS/JS matching.
76
+ Four detection modes (strict, mild, weak, semantic), clone family grouping with refactoring suggestions, baseline tracking, and cross-language TS/JS matching.
77
+
78
+ ## Built for agents
79
+
80
+ Fallow gives AI agents structured repo truth instead of forcing them to infer everything from grep. Agents call the CLI or the MCP server to answer:
81
+
82
+ - Who imports this symbol?
83
+ - Why is this export considered used or unused?
84
+ - What changed in this PR?
85
+ - Which files are risky to touch?
86
+ - What duplicate siblings exist?
87
+ - What cleanup action is safest?
88
+
89
+ Every issue in `--format json` carries a machine-actionable `actions` array with an `auto_fixable` flag so agents can self-correct.
75
90
 
76
91
  ## Framework support
77
92
 
78
- 95 built-in plugins covering Next.js, Nuxt, Remix, Qwik, SvelteKit, Gatsby, Astro, Angular, NestJS, AdonisJS, Expo Router, Vite, Webpack, Vitest, Jest, Playwright, Cypress, Storybook, ESLint, TypeScript, Tailwind, UnoCSS, Prisma, Drizzle, Convex, Turborepo, Hardhat, and many more. Auto-detected from your `package.json`.
93
+ 97 built-in plugins covering Next.js, Nuxt, Remix, Qwik, SvelteKit, Gatsby, Astro, Angular, NestJS, AdonisJS, Ember, Expo Router, Vite, Webpack, Vitest, Jest, Playwright, Cypress, Storybook, ESLint, TypeScript, Tailwind, UnoCSS, Prisma, Drizzle, Convex, Turborepo, Hardhat, and many more. Auto-detected from your `package.json`.
79
94
 
80
95
  ## Configuration
81
96
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "fallow",
3
- "version": "2.78.1",
4
- "description": "Codebase intelligence for TypeScript and JavaScript. Finds unused code, duplication, circular dependencies, complexity hotspots, and architecture drift. Optional runtime intelligence layer (Fallow Runtime) adds production execution evidence. Rust-native, sub-second, 95 framework plugins.",
3
+ "version": "2.80.0",
4
+ "description": "Deterministic codebase intelligence for TypeScript and JavaScript. Quality, risk, architecture, dependencies, duplication, and safe cleanup evidence for humans, CI, and agents. Optional runtime intelligence layer (Fallow Runtime) adds production execution evidence. Rust-native, sub-second, 96 framework plugins.",
5
5
  "license": "MIT",
6
6
  "repository": {
7
7
  "type": "git",
@@ -17,14 +17,21 @@
17
17
  "docs": "https://docs.fallow.tools"
18
18
  },
19
19
  "keywords": [
20
- "unused-code",
21
- "circular-dependencies",
20
+ "code-intelligence",
21
+ "code-quality",
22
+ "pr-risk",
23
+ "static-analysis",
22
24
  "code-duplication",
23
- "lint",
24
- "analyzer",
25
+ "circular-dependencies",
26
+ "unused-code",
27
+ "complexity",
28
+ "architecture",
25
29
  "typescript",
26
30
  "javascript",
27
- "static-analysis",
31
+ "analyzer",
32
+ "lint",
33
+ "lsp",
34
+ "mcp",
28
35
  "agent-skills",
29
36
  "tanstack-intent"
30
37
  ],
@@ -74,13 +81,13 @@
74
81
  "@tanstack/intent": "0.0.41"
75
82
  },
76
83
  "optionalDependencies": {
77
- "@fallow-cli/darwin-arm64": "2.78.1",
78
- "@fallow-cli/darwin-x64": "2.78.1",
79
- "@fallow-cli/linux-x64-gnu": "2.78.1",
80
- "@fallow-cli/linux-arm64-gnu": "2.78.1",
81
- "@fallow-cli/linux-x64-musl": "2.78.1",
82
- "@fallow-cli/linux-arm64-musl": "2.78.1",
83
- "@fallow-cli/win32-arm64-msvc": "2.78.1",
84
- "@fallow-cli/win32-x64-msvc": "2.78.1"
84
+ "@fallow-cli/darwin-arm64": "2.80.0",
85
+ "@fallow-cli/darwin-x64": "2.80.0",
86
+ "@fallow-cli/linux-x64-gnu": "2.80.0",
87
+ "@fallow-cli/linux-arm64-gnu": "2.80.0",
88
+ "@fallow-cli/linux-x64-musl": "2.80.0",
89
+ "@fallow-cli/linux-arm64-musl": "2.80.0",
90
+ "@fallow-cli/win32-arm64-msvc": "2.80.0",
91
+ "@fallow-cli/win32-x64-msvc": "2.80.0"
85
92
  }
86
93
  }
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: fallow
3
- description: Codebase intelligence for JavaScript and TypeScript. Free static layer finds unused code (files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, and feature flag patterns. Runtime coverage merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence - a single local capture is free, while continuous/cloud runtime monitoring is paid. 95 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, find unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, clean up the codebase, auto-fix issues, merge runtime coverage, or run fallow.
3
+ description: Codebase intelligence for JavaScript and TypeScript. Free static layer finds unused code (files, exports, types, dependencies), code duplication, circular dependencies, complexity hotspots, architecture boundary violations, and feature flag patterns. Runtime coverage merges production execution data into the same health report for hot-path review, cold-path deletion confidence, and stale-flag evidence - a single local capture is free, while continuous/cloud runtime monitoring is paid. 97 framework plugins, zero configuration, sub-second static analysis. Use when asked to analyze code health, find unused code, detect duplicates, check circular dependencies, audit complexity, check architecture boundaries, detect feature flags, clean up the codebase, auto-fix issues, merge runtime coverage, or run fallow.
4
4
  license: MIT
5
5
  metadata:
6
6
  author: Bart Waardenburg
@@ -10,7 +10,7 @@ metadata:
10
10
 
11
11
  # Fallow: codebase intelligence for JavaScript and TypeScript
12
12
 
13
- Codebase intelligence for JavaScript and TypeScript. The free static layer finds unused code, circular dependencies, code duplication, complexity hotspots, architecture boundary violations, and feature flag patterns. Runtime coverage merges production execution data into the same `fallow health` report for hot-path review, cold-path deletion confidence, and stale-flag evidence: a single local capture is free, while continuous/cloud runtime monitoring is paid. 95 framework plugins, zero configuration, sub-second static analysis.
13
+ Codebase intelligence for JavaScript and TypeScript. The free static layer finds unused code, circular dependencies, code duplication, complexity hotspots, architecture boundary violations, and feature flag patterns. Runtime coverage merges production execution data into the same `fallow health` report for hot-path review, cold-path deletion confidence, and stale-flag evidence: a single local capture is free, while continuous/cloud runtime monitoring is paid. 97 framework plugins, zero configuration, sub-second static analysis.
14
14
 
15
15
  ## When to Use
16
16
 
@@ -218,7 +218,7 @@ fallow list --entry-points --format json --quiet
218
218
  fallow list --plugins --format json --quiet
219
219
  ```
220
220
 
221
- Shows detected entry points and active framework plugins (94 built-in: Next.js, Vite, Jest, Storybook, Tailwind, PandaCSS, tap, tsd, etc.).
221
+ Shows detected entry points and active framework plugins (97 built-in: Next.js, Vite, Ember, Jest, Storybook, Tailwind, PandaCSS, tap, tsd, etc.).
222
222
 
223
223
  ### Production-only analysis
224
224
 
@@ -323,7 +323,7 @@ When `--format json` is active and exit code is 2, errors are emitted as JSON on
323
323
 
324
324
  ## Configuration
325
325
 
326
- Fallow reads config from project root: `.fallowrc.json` > `.fallowrc.jsonc` > `fallow.toml` > `.fallow.toml`. Both `.fallowrc.json` and `.fallowrc.jsonc` accept JSON-with-comments syntax (same parser); the `.jsonc` extension lets editors auto-detect JSONC syntax highlighting. Most projects work with zero configuration thanks to 94 auto-detecting framework plugins.
326
+ Fallow reads config from project root: `.fallowrc.json` > `.fallowrc.jsonc` > `fallow.toml` > `.fallow.toml`. Both `.fallowrc.json` and `.fallowrc.jsonc` accept JSON-with-comments syntax (same parser); the `.jsonc` extension lets editors auto-detect JSONC syntax highlighting. Most projects work with zero configuration thanks to 97 auto-detecting framework plugins.
327
327
 
328
328
  ```jsonc
329
329
  {
@@ -372,7 +372,7 @@ export const deprecatedHelper = () => {};
372
372
  ## Key Gotchas
373
373
 
374
374
  - **`fix --yes` is required** in non-TTY (agent) environments. Without it, `fix` exits with code 2
375
- - **Zero config by default.** 95 framework plugins auto-detect, including tap and tsd test entry points. Don't create config unless customization is needed
375
+ - **Zero config by default.** 97 framework plugins auto-detect, including tap and tsd test entry points. Don't create config unless customization is needed
376
376
  - **Syntactic analysis only.** No TypeScript compiler, so fully dynamic `import(variable)` is not resolved
377
377
  - **Function overloads are deduplicated.** TypeScript function overload signatures are merged into a single export (not reported as separate unused exports)
378
378
  - **Re-export chains are resolved.** Exports through barrel files are tracked, not falsely flagged