Find the riskiest code in any repo.
The 20% of functions causing 80% of your bugs, incidents, and slowdowns — identified automatically.
Works on TypeScript, JavaScript, Rust, Go, Python, and Java.
$ hotspots analyze src/
12.4 billing.ts processPlanUpgrade CRIT
9.8 session.ts validateSession HIGH
8.1 migrate.ts applySchema HIGHInstall in 30 seconds
One command. No daemon. No config file required.
$ brew install Stephen-Collins-tech/tap/hotspots$ curl -fsSL https://raw.githubusercontent.com/Stephen-Collins-tech/hotspots/main/install.sh | sh$ hotspots analyze .Top risk functions
12.4 src/billing.ts processPlanUpgrade CRIT
9.8 src/session.ts validateSession HIGH
8.1 src/migrate.ts applySchema HIGHWhat you get
Block complexity regressions in CI
Run hotspots in delta mode with --policy and your CI fails if a PR introduces a new critical function or spikes an existing one. No manual review required.
Prioritize refactors with a data-driven risk score
Every function gets a numeric score. No guessing, no gut feeling — just a ranked list you can act on in the next sprint.
Find the 5 files causing 80% of your bugs
Hotspots combines cyclomatic complexity with churn history to surface the exact functions that are both hard to understand and frequently changing.
Recent analyses
Browse all →garrytan/gstack
gstack's browse layer carries the highest activity risk — 5 functions to address first
Mar 24, 2026
shareAI-lab/learn-claude-code
learn-claude-code's agent layer carries highest activity risk — 5 functions to address
Mar 23, 2026
gsd-build/get-shit-done
get-shit-done's CLI core carries the highest activity risk — 5 functions to address first
Mar 22, 2026
Real output on real repos
Every post is a full hotspots analysis run automatically against a real open-source repo — same tool, same command, reproducible output. New repos are analyzed nightly.
$ hotspots analyze <path> --mode snapshot --format json --explain-patterns --force