Across 545 analyzed functions in full-stack-fastapi-template — a production-ready FastAPI + React scaffold used as a starting point for full-stack applications — the HTTP client layer is the highest-priority refactoring target: the top anonymous function in frontend/src/client/core/request.ts holds a recent commit activity of 10.15, meaning it is not merely complex but is being actively changed right now, which converts structural risk into live regression exposure. Only 2 functions reached the critical band, but they sit in different layers — the API request pipeline and the UI component tree — suggesting that churn is distributed across the stack. The combination of god_function patterns, deep nesting, and high fan-out across the top five hotspots points to coupling pressure that will compound as the template evolves.
The table below ranks functions by activity-weighted risk — a score that multiplies structural complexity by recent commit frequency. A function that is both hard to understand (high cyclomatic complexity) and actively changing is a higher priority than one that is complex but untouched. CC = cyclomatic complexity (independent execution paths); ND = max nesting depth; FO = fan-out (distinct callees).
Top 5 Hotspots
| Function | File | Risk | CC | ND | FO |
|---|---|---|---|---|---|
<anonymous> | frontend/src/client/core/request.ts | 10.6 | 15 | 5 | 11 |
SidebarProvider | frontend/src/components/ui/sidebar.tsx | 9.9 | 5 | 1 | 19 |
cancel | frontend/src/client/core/CancelablePromise.ts | 8.9 | 12 | 3 | 2 |
<anonymous> | frontend/src/client/core/request.ts | 8.7 | 11 | 3 | 13 |
ThemeProvider | frontend/src/components/theme-provider.tsx | 8.7 | 4 | 1 | 14 |
Hotspot Analysis
<anonymous> — frontend/src/client/core/request.ts
This anonymous function sits inside the core HTTP request module and almost certainly handles the main fetch/XHR dispatch logic — request construction, header injection, error branching, and response normalization are all typical responsibilities at this path. Its cyclomatic complexity of 15 means at least 15 independent execution paths must be reasoned about and tested, while a max nesting depth of 5 makes those paths difficult to trace visually. A fan-out of 11 distinct callees combined with a recent commit activity of 10.15 — the highest in the repository — means every commit touching this function risks breaking one or more of those downstream dependencies under conditions that are hard to reproduce without exhaustive test coverage.
Recommendation: Add characterization tests covering the 15 execution paths before making any further changes, then extract distinct concerns (auth header injection, error classification, response parsing) into named helper functions to reduce both CC and fan-out to individually testable units.
SidebarProvider — frontend/src/components/ui/sidebar.tsx
SidebarProvider is a React context provider responsible for managing sidebar state and distributing it to the component subtree — a role that naturally accumulates responsibilities as the UI grows. Its cyclomatic complexity of 5 is moderate, but its fan-out of 19 is the structural signal to focus on: 19 distinct functions called from a single provider means changes here carry an unusually wide blast radius across the component layer. The god_function and long_function patterns confirm that this provider has absorbed concerns beyond state distribution, and exit_heavy indicates it manages multiple return paths through its lifecycle logic. A recent commit activity of 9.48 places it firmly in the critical band, meaning that blast radius is being exercised regularly.
Recommendation: Audit the 19 callees to identify which responsibilities belong in sub-providers or custom hooks, then extract those concerns to reduce fan-out and limit the blast radius of future sidebar-related changes.
cancel — frontend/src/client/core/CancelablePromise.ts
The cancel function in CancelablePromise.ts manages the lifecycle termination of in-flight HTTP requests — canceling pending promises typically requires coordinating state flags, resolving or rejecting deferred values, and cleaning up listeners, all of which produce branching logic. A cyclomatic complexity of 12 and max nesting depth of 3 confirm that the cancellation logic is non-trivial, with 12 paths that each represent a scenario where partial cleanup or incorrect state transition could silently corrupt request state. With a recent commit activity of 8.45 in the high band, this function is being touched frequently enough that its 12-path surface area is a recurring regression risk in the request pipeline.
Recommendation: Map out the 12 execution paths as explicit unit tests covering edge cases such as double-cancellation and cancellation after resolution, then evaluate whether the branching can be reduced by modeling promise states as an explicit state machine.
Patterns Found
Antipatterns detected across the top functions in this snapshot:
| Pattern | Occurrences |
|---|---|
god_function | 3 |
long_function | 2 |
complex_branching | 1 |
deeply_nested | 1 |
exit_heavy | 1 |
These labels belong to two tiers — Tier 1 (structural): complex_branching, deeply_nested, exit_heavy, long_function, god_function. Tier 2 (relational/temporal): hub_function, cyclic_hub, middle_man, neighbor_risk, stale_complex, churn_magnet, shotgun_target, volatile_god.
Key Takeaways
- The anonymous function in frontend/src/client/core/request.ts has a recent commit activity of 10.15 and cyclomatic complexity of 15 — write characterization tests covering all 15 paths before the next commit touches it.
- SidebarProvider’s fan-out of 19 is the widest in the top hotspots; decompose it into focused sub-providers or hooks to contain the blast radius of UI-layer changes.
- The cancel function in CancelablePromise.ts has 12 cyclomatic complexity paths and is actively changing — model its promise lifecycle states explicitly to prevent silent regressions in request teardown.
Reproduce This Analysis
git clone https://github.com/fastapi/full-stack-fastapi-template
cd full-stack-fastapi-template
git checkout fbaf2dbe9d35a53cc74a60d6538a3bf17adc4857
hotspots analyze . --mode snapshot --explain-patterns --forceTo run the same analysis on your own codebase, run hotspots analyze . --mode snapshot in any local git repo — no configuration required.
Hotspots highlights structural and activity risk — not “bad code.” Findings are a prioritization aid, not a bug predictor. Editorial policy →