react-code-smell-detector 1.5.2 → 1.5.3

package/README.md

@@ -37,6 +37,11 @@ A CLI tool that analyzes React projects and detects common code smells, providin
 - 🗃️ **State Management Analysis**: Redux/Zustand anti-patterns, selector issues
 - 🧪 **Testing Gap Detection**: Identify complex components likely needing tests
 - 🤖 **AI Refactoring Suggestions**: LLM-powered smart refactoring recommendations
+- 🔒 **Security Audit**: Comprehensive vulnerability scanning (XSS, injection, secrets, crypto issues)
+- ⚡ **Performance Profiler**: Component optimization analysis with memoization & render metrics
+- 👥 **Team Dashboard**: Centralized view of team metrics, workload & quality trends
+- 🔗 **API Integration**: Sync with GitHub, Slack, Jira, monitoring platforms & webhooks
+- 🔍 **Custom Analyzer**: Define and apply project-specific code quality rules
 
 ### Detected Code Smells
 
@@ -271,6 +276,169 @@ react-smell ./src -f pdf -o report.pdf --baseline --trend-analysis
 - Executive dashboards
 - Compliance documentation
 
+### Security Audit
+
+Comprehensive security vulnerability scanning and compliance analysis:
+
+```bash
+# Run security audit
+react-smell ./src --security-audit
+
+# Include secret detection
+react-smell ./src --security-audit --check-secrets
+
+# Generate security report
+react-smell ./src --security-audit -f json -o security-report.json
+```
+
+**Detects:**
+- **XSS Vulnerabilities**: dangerouslySetInnerHTML, innerHTML assignment, eval() usage
+- **Injection Attacks**: SQL injection, command injection, regex injection patterns
+- **Secrets Exposure**: API keys, passwords, tokens, private keys
+- **Cryptography Issues**: Deprecated cipher functions, weak hashing (MD5, SHA1), weak random generation
+- **CVSS Scoring**: Risk assessment with industry-standard vulnerability scoring
+
+**Output:** Compliance score, risk level, critical/high/medium/low categorization, remediation suggestions
+
+### Performance Profiler
+
+Analyze and optimize component performance characteristics:
+
+```bash
+# Profile performance metrics
+react-smell ./src --performance
+
+# Get detailed performance analysis
+react-smell ./src --performance --detailed
+
+# Export performance metrics
+react-smell ./src --performance -f json -o perf-metrics.json
+```
+
+**Analyzes:**
+- **Render Time**: Estimated component rendering duration
+- **Memory Usage**: Approximate memory footprint per component
+- **Memoization Score**: Identifies missing useMemo/useCallback opportunities (0-100)
+- **Render Efficiency**: Optimization potential rating
+- **Bottleneck Detection**: Identifies slow, memory-intensive, or re-render-heavy components
+- **Hook Usage**: State and effect hook analysis for consolidation opportunities
+
+### Team Dashboard
+
+Centralized metrics view for team collaboration and quality tracking:
+
+```bash
+# Generate team dashboard
+react-smell dashboard
+
+# Include team members
+react-smell dashboard --team-members team.json
+
+# View in CI/CD pipeline
+react-smell dashboard -f json | post-to-dashboard-api
+```
+
+**Features:**
+- **Team Metrics**: Member count, component ownership, average code quality
+- **Health Status**: Excellent/Good/Fair/Poor/Critical team health indicator
+- **Common Issues**: Top code smells affecting the team with frequency counts
+- **Activity Log**: Recent analysis events with timestamps
+- **Alerts**: Critical issues, component overload warnings, team workload indicators
+- **Ownership Tracking**: Component assignment to team members
+
+### API Integration
+
+Sync analysis results with external services, issue trackers, and monitoring platforms:
+
+```bash
+# Send to external API
+react-smell ./src --send-to-api https://api.example.com --api-key sk-xxx
+
+# Post issues to GitHub/GitLab
+react-smell ./src --post-issues --github --token $GITHUB_TOKEN
+
+# Send Slack notifications
+react-smell ./src --webhook https://hooks.slack.com/services/xxx
+
+# Check SLA compliance
+react-smell ./src --check-sla ./sla-config.json
+
+# Comment on pull requests
+react-smell ./src --comment-pr --pr-number 123 --pr-token $TOKEN
+
+# Sync to monitoring platform
+react-smell ./src --sync-metrics https://metrics.service.com
+```
+
+**Integrations:**
+- GitHub Issues, GitHub Pull Request Comments, GitHub Actions
+- GitLab Issues, Merge Request comments
+- Jira issue creation and linking
+- Slack notifications and dashboards
+- Discord webhooks
+- Datadog, New Relic, and other APM platforms
+- Custom REST API endpoints
+- SLA monitoring and compliance checking
+
+### Custom Analyzer
+
+Define and apply project-specific code quality rules:
+
+```bash
+# Create custom rules
+react-smell init --custom-rules
+
+# Apply custom rules
+react-smell ./src --custom-rules ./custom-rules.json
+
+# Validate rules before applying
+react-smell ./src --validate-rules ./custom-rules.json
+```
+
+**Example Custom Rules:**
+
+```json
+{
+  "customRules": [
+    {
+      "id": "no-magic-numbers",
+      "name": "No Magic Numbers",
+      "pattern": "[0-9]{3,}",
+      "severity": "warning",
+      "message": "Magic number found",
+      "suggestion": "Extract to named constant",
+      "enabled": true
+    },
+    {
+      "id": "naming-convention",
+      "name": "Component Naming",
+      "pattern": "^[a-z].*\\.tsx$",
+      "severity": "warning",
+      "message": "Component name must start with uppercase",
+      "suggestion": "Use PascalCase",
+      "enabled": true
+    },
+    {
+      "id": "no-console-in-prod",
+      "name": "No Console in Production",
+      "pattern": "console\\.(log|warn|error)",
+      "severity": "info",
+      "message": "Console statement detected",
+      "suggestion": "Remove or use logger",
+      "enabled": false
+    }
+  ]
+}
+```
+
+**Rule Features:**
+- String and regex pattern matching
+- File/component/function/expression scope filtering
+- Include/exclude patterns for file filtering
+- Enable/disable rules individually
+- Custom severity levels
+- Multi-line pattern matching
+
 ### Configuration
 
 Create a `.smellrc.json` file:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-code-smell-detector",
-  "version": "1.5.2",
+  "version": "1.5.3",
   "description": "Detect code smells in React projects - useEffect overuse, prop drilling, large components, security issues, accessibility, memory leaks, React 19 Server Components, and more",
   "main": "dist/index.js",
   "bin": {