Find the riskiest code
in any repo.
Know which functions to fix before your next incident. One command, any codebase, no config.
TypeScript · JavaScript · Rust · Go · Python · Java
$ hotspots analyze scripts/
18.8 send_digest.py send_digest critical
14.4 core.py _load_content critical
6.9 enrich_git.py _rel_path moderateInstall in 30 seconds
One command. No daemon. No config file required.
$ brew install Stephen-Collins-tech/tap/hotspots$ hotspots analyze scripts/Top risk functions
18.8 send_digest.py send_digest critical
14.4 core.py _load_content critical
6.9 enrich_git.py _rel_path moderateWhat you get
In under a minute, on any repo.
Block complexity regressions
Run in delta mode with --policy. CI fails if a PR introduces a new critical function or spikes an existing one.
Prioritize with a risk score
Every function gets a numeric score. No guessing — a ranked list you can act on in the next sprint.
Find what's causing incidents
Combines cyclomatic complexity with churn history to surface functions that are hard to understand and frequently changing.
Recent analyses
Browse all →mattermost/mattermost
mattermost/mattermost's API and notification layer carries the highest activity risk — 5 functions to address first
Jun 5, 2026
portainer/portainer
portainer's Kubernetes and API layer — 5 high-activity-risk functions to address first
Jun 4, 2026
NervJS/taro
NervJS/taro's transformer layer carries the highest structural debt — 5 functions to fix
Jun 3, 2026
Real output. Real repos.
Every analysis on this site was run automatically against a real open-source repo — same tool, same command, nightly. You can reproduce any post locally in one command.
100+
repos analyzed
nightly
new analyses added
1 cmd
to reproduce any post
$ hotspots analyze <path> --mode snapshot --format json --explain-patterns --force