javascript Code Health
19 open-source javascript repositories analyzed by activity-weighted risk — complexity × recent commit frequency. Sorted highest risk first.
BMAD-METHOD's installer module carries the highest activity risk — 5 functions to address first
Five functions in BMAD-METHOD's installer layer combine high cyclomatic complexity with deep nesting and active churn — making the module management subsystem the repo's highest-priority refactoring target.
career-ops' analysis layer carries the highest activity risk — 5 functions to address first
The top-ranked function in career-ops has 54 outbound calls and 42 execution paths — and it was touched just 27 days ago. That combination makes it a live regression risk, not a cleanup backlog item.
koajs/koa's response layer carries the highest structural risk — 5 functions to address first
Koa's response pipeline is carrying the most structural weight: the respond function in lib/application.js has accumulated god-function complexity with 26 independent execution paths and hasn't been touched in over seven months — meaning the next change there arrives against a high-complexity backdrop with no recent test pressure. Meanwhile, the set function in lib/response.js was modified today, making it the only live regression risk in the repository right now.
javascript-interview-questions' deepMerge carries the highest risk — 1 function to address first
A repository built to demonstrate JavaScript mastery has one function quietly accumulating structural debt: deepMerge, untouched for over five months, carries every quality signal worth watching before the next contributor opens it up.
reactjs-interview-questions' coding-exercise carries the highest risk — 2 functions first
The coding-exercise module in reactjs-interview-questions has quietly accumulated structural debt in two functions that haven't been touched in months — one of them for over 750 days. When development next reaches this corner of the repo, the blast radius will be wider than the file size suggests.
eslint's rule engine carries the highest activity risk — 2 functions to address first
The eslint rule most developers rely on to catch dead code also has 114 independent execution paths — and it's still being actively changed. That combination is a live regression risk, not a cleanup b
chalk/chalk's vendor layer carries the highest activity risk — 3 functions to address first
chalk's riskiest code isn't in its core index.js — it's inside two vendored files carrying structural debt frozen in place for years, with high blast radii that warrant refactoring before the vendor copies are next updated.
google/zx's markdown layer is the live regression risk — 4 structural debt functions follow
zx's markdown transformer is the live regression risk — CC 18 and actively changing. _pipe and formatCmd are structural debt: equally complex, but stable for months and overdue for proactive refactoring.
bruno's OpenAPI sync and CLI runner carry the highest activity risk — 3 functions to address first
Two anonymous god-functions in openapi-sync.js (CC 135, CC 100) and a CLI runner function (CC 169) are both structurally extreme and actively changing, making them live regression risks in bruno's request execution layer.
get-shit-done's CLI core carries the highest activity risk — 5 functions to address first
Every top hotspot in get-shit-done lives in the CLI layer — and all five are actively changing right now. The command dispatcher alone has 181 execution paths and calls 108 distinct functions.
drawdb's editor and SQL layer carry the highest activity risk — 5 functions to address first
drawdb's diagram editor hides a live regression risk: its ControlPanel component is both deeply complex and actively changing right now — CC 55, nesting depth 15, and 163 distinct callees.
Preact's diff engine carries the highest activity risk — 3 functions to address first
Preact's virtual DOM differ is both its most structurally complex code and its most actively changed — a combination that makes every commit to src/diff/index.js a live regression risk right now.
hackathon-starter's auth and API layer carries the highest activity risk — 5 functions to address first
All five of hackathon-starter's top hotspots sit in the auth and API layer — and every single one is in the 'fire' quadrant, meaning complexity and active commits are colliding right now.
dayjs's core formatter carries the highest structural debt — 5 functions to address first
dayjs's core format function has 38 independent execution paths and calls 13 distinct functions — structural debt that will bite hard the moment that code is touched again.
docsify's YAML front-matter parser carries the highest activity risk — 3 functions to address first
docsify's YAML front-matter parser hides a nesting depth of 19 inside a single function — and the render layer is actively changing on top of CC 34 and fan-out of 80.
Puter's GUI layer carries the highest activity risk — 3 functions to address first
Puter's window and file-item rendering code is both extremely complex and actively changing right now — a combination that makes every commit a potential regression in the core desktop UI.
React's compiler and hooks plugin carry the highest activity risk — 5 functions
React's new compiler and its exhaustive-deps lint rule are where structural complexity meets live development pressure — five functions account for the repo's highest combined complexity and recent ac
immer's perf scripts and plugins carry the highest risk — 5 functions to review first
immer's highest-ranked hotspots are split between performance tooling and core plugin code. The production concern is concentrated in patches, array method interception, and proxy access paths.
remote-jobs' link checker carries the highest risk — 5 functions to review first
A single script file, fix-links.mjs, concentrates the highest structural and activity risk in remote-jobs — its top function carries a cyclomatic complexity of 38.