repolyze

Analyze a git source code repository for health signals and project vitals

Usage

Analyze the current directory as a git repository and print JSON (for tooling or AI agents):

npx repolyze --json .

Analyze another path:

npx repolyze --json /path/to/repo

Emit a Markdown report optimized for LLM consumption:

npx repolyze --markdown .

Verbose mode (prints git invocations to stderr):

npx repolyze --verbose .

Help:

npx repolyze --help

When the package is installed globally, use the repolyze command the same way (for example repolyze --json .).

Screenshots

Requirements

• Node.js v24 or newer
• git available on your PATH

Install

Install globally (pick your package manager):

npm install -g repolyze

pnpm add -g repolyze

Or run without installing, using npx (downloads the package for that invocation):

npx repolyze --help

Credits & References

The default signals this tool collects mirror the git workflow described by Ally Piechowski in The Git Commands I Run Before Reading Any Code. See docs/repository-analysis.md for command-by-command notes, caveats, and the same attribution in context.

References:

• fallow-rs - Static analysis for source code health based on git
• vibe-security-radar - Georgia Tech SSLab research that correlates public CVE/advisory data with git history (blame, fix commits, squash-merge context) and commit-metadata heuristics (co-authors, bot emails, tool markers), with LLM-assisted triage—not a drop-in for repolyze, but a useful contrast for how far you can push git- and commit-derived security storytelling

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Developing this repo locally (running from source, tests, build): see DEVELOPMENT.md.

Author

repolyze © Liran Tal, Released under the Apache-2.0 License.